1 /* $OpenBSD: if_run.c,v 1.34 2009/11/17 20:13:42 damien Exp $ */ 2 3 /*- 4 * Copyright (c) 2008,2009 Damien Bergamini <damien.bergamini@free.fr> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /*- 20 * Ralink Technology RT2700U/RT2800U/RT3000U chipset driver. 21 * http://www.ralinktech.com/ 22 */ 23 24 #include "bpfilter.h" 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/sysctl.h> 29 #include <sys/mbuf.h> 30 #include <sys/kernel.h> 31 #include <sys/socket.h> 32 #include <sys/systm.h> 33 #include <sys/timeout.h> 34 #include <sys/conf.h> 35 #include <sys/device.h> 36 37 #include <machine/bus.h> 38 #include <machine/endian.h> 39 #include <machine/intr.h> 40 41 #if NBPFILTER > 0 42 #include <net/bpf.h> 43 #endif 44 #include <net/if.h> 45 #include <net/if_arp.h> 46 #include <net/if_dl.h> 47 #include <net/if_media.h> 48 #include <net/if_types.h> 49 50 #include <netinet/in.h> 51 #include <netinet/in_systm.h> 52 #include <netinet/in_var.h> 53 #include <netinet/if_ether.h> 54 #include <netinet/ip.h> 55 56 #include <net80211/ieee80211_var.h> 57 #include <net80211/ieee80211_amrr.h> 58 #include <net80211/ieee80211_radiotap.h> 59 60 #include <dev/usb/usb.h> 61 #include <dev/usb/usbdi.h> 62 #include <dev/usb/usbdi_util.h> 63 #include <dev/usb/usbdevs.h> 64 65 #include <dev/ic/rt2860reg.h> /* shared with ral(4) */ 66 #include <dev/usb/if_runvar.h> 67 68 #ifdef USB_DEBUG 69 #define RUN_DEBUG 70 #endif 71 72 #ifdef RUN_DEBUG 73 #define DPRINTF(x) do { if (run_debug) printf x; } while (0) 74 #define DPRINTFN(n, x) do { if (run_debug >= (n)) printf x; } while (0) 75 int run_debug = 0; 76 #else 77 #define DPRINTF(x) 78 #define DPRINTFN(n, x) 79 #endif 80 81 #define USB_ID(v, p) { USB_VENDOR_##v, USB_PRODUCT_##v##_##p } 82 static const struct usb_devno run_devs[] = { 83 USB_ID(ABOCOM, RT2770), 84 USB_ID(ABOCOM, RT2870), 85 USB_ID(ABOCOM, RT3070), 86 USB_ID(ABOCOM, RT3071), 87 USB_ID(ABOCOM, RT3072), 88 USB_ID(ABOCOM2, RT2870_1), 89 USB_ID(ACCTON, RT2770), 90 USB_ID(ACCTON, RT2870_1), 91 USB_ID(ACCTON, RT2870_2), 92 USB_ID(ACCTON, RT2870_3), 93 USB_ID(ACCTON, RT2870_4), 94 USB_ID(ACCTON, RT2870_5), 95 USB_ID(ACCTON, RT3070_1), 96 USB_ID(ACCTON, RT3070_2), 97 USB_ID(ACCTON, RT3070_3), 98 USB_ID(ACCTON, RT3070_4), 99 USB_ID(AIRTIES, RT3070), 100 USB_ID(AMIGO, RT2870_1), 101 USB_ID(AMIGO, RT2870_2), 102 USB_ID(AMIT, CGWLUSB2GNR), 103 USB_ID(AMIT, RT2870_1), 104 USB_ID(AMIT2, RT2870), 105 USB_ID(ASUS, RT2870_1), 106 USB_ID(ASUS, RT2870_2), 107 USB_ID(ASUS, RT2870_3), 108 USB_ID(ASUS, RT2870_4), 109 USB_ID(ASUS, RT2870_5), 110 USB_ID(ASUS, RT3070), 111 USB_ID(ASUS2, USBN11), 112 USB_ID(AZUREWAVE, RT2870_1), 113 USB_ID(AZUREWAVE, RT2870_2), 114 USB_ID(AZUREWAVE, RT3070_1), 115 USB_ID(AZUREWAVE, RT3070_2), 116 USB_ID(AZUREWAVE, RT3070_3), 117 USB_ID(BELKIN, F5D8053V3), 118 USB_ID(BELKIN, F5D8055), 119 USB_ID(BELKIN, F6D4050V1), 120 USB_ID(BELKIN, RT2870_1), 121 USB_ID(BELKIN, RT2870_2), 122 USB_ID(CISCOLINKSYS2, RT3070), 123 USB_ID(CONCEPTRONIC2, RT2870_1), 124 USB_ID(CONCEPTRONIC2, RT2870_2), 125 USB_ID(CONCEPTRONIC2, RT2870_3), 126 USB_ID(CONCEPTRONIC2, RT2870_4), 127 USB_ID(CONCEPTRONIC2, RT2870_5), 128 USB_ID(CONCEPTRONIC2, RT2870_6), 129 USB_ID(CONCEPTRONIC2, RT2870_7), 130 USB_ID(CONCEPTRONIC2, RT2870_8), 131 USB_ID(CONCEPTRONIC2, VIGORN61), 132 USB_ID(COREGA, CGWLUSB300GNM), 133 USB_ID(COREGA, RT2870_1), 134 USB_ID(COREGA, RT2870_2), 135 USB_ID(COREGA, RT2870_3), 136 USB_ID(COREGA, RT3070), 137 USB_ID(CYBERTAN, RT2870), 138 USB_ID(DLINK, RT2870), 139 USB_ID(DLINK, RT3072), 140 USB_ID(DLINK2, DWA130), 141 USB_ID(DLINK2, RT2870_1), 142 USB_ID(DLINK2, RT2870_2), 143 USB_ID(DLINK2, RT3070_1), 144 USB_ID(DLINK2, RT3070_2), 145 USB_ID(DLINK2, RT3070_3), 146 USB_ID(DLINK2, RT3070_4), 147 USB_ID(DLINK2, RT3072), 148 USB_ID(EDIMAX, EW7717), 149 USB_ID(EDIMAX, EW7718), 150 USB_ID(EDIMAX, RT2870_1), 151 USB_ID(ENCORE, RT3070_1), 152 USB_ID(ENCORE, RT3070_2), 153 USB_ID(ENCORE, RT3070_3), 154 USB_ID(GIGABYTE, GNWB31N), 155 USB_ID(GIGABYTE, GNWB32L), 156 USB_ID(GIGABYTE, RT2870_1), 157 USB_ID(GIGASET, RT3070_1), 158 USB_ID(GIGASET, RT3070_2), 159 USB_ID(GUILLEMOT, HWNU300), 160 USB_ID(HAWKING, HWUN2), 161 USB_ID(HAWKING, RT2870_1), 162 USB_ID(HAWKING, RT2870_2), 163 USB_ID(HAWKING, RT3070), 164 USB_ID(IODATA, RT3072_1), 165 USB_ID(IODATA, RT3072_2), 166 USB_ID(IODATA, RT3072_3), 167 USB_ID(IODATA, RT3072_4), 168 USB_ID(LINKSYS4, WUSB100), 169 USB_ID(LINKSYS4, WUSB54GCV3), 170 USB_ID(LINKSYS4, WUSB600N), 171 USB_ID(LOGITEC, RT2870_1), 172 USB_ID(LOGITEC, RT2870_2), 173 USB_ID(LOGITEC, RT2870_3), 174 USB_ID(MELCO, WLIUCAG300N), 175 USB_ID(MELCO, WLIUCG300N), 176 USB_ID(MELCO, WLIUCGN), 177 USB_ID(MSI, RT3070_1), 178 USB_ID(MSI, RT3070_2), 179 USB_ID(MSI, RT3070_3), 180 USB_ID(MSI, RT3070_4), 181 USB_ID(MSI, RT3070_5), 182 USB_ID(MSI, RT3070_6), 183 USB_ID(MSI, RT3070_7), 184 USB_ID(PARA, RT3070), 185 USB_ID(PEGATRON, RT2870), 186 USB_ID(PEGATRON, RT3070), 187 USB_ID(PEGATRON, RT3070_2), 188 USB_ID(PHILIPS, RT2870), 189 USB_ID(PLANEX2, GWUS300MINIS), 190 USB_ID(PLANEX2, GWUSMICRON), 191 USB_ID(PLANEX2, RT2870), 192 USB_ID(PLANEX2, RT3070), 193 USB_ID(QCOM, RT2870), 194 USB_ID(QUANTA, RT3070), 195 USB_ID(RALINK, RT2070), 196 USB_ID(RALINK, RT2770), 197 USB_ID(RALINK, RT2870), 198 USB_ID(RALINK, RT3070), 199 USB_ID(RALINK, RT3071), 200 USB_ID(RALINK, RT3072), 201 USB_ID(SAMSUNG2, RT2870_1), 202 USB_ID(SENAO, RT2870_1), 203 USB_ID(SENAO, RT2870_2), 204 USB_ID(SENAO, RT2870_3), 205 USB_ID(SENAO, RT2870_4), 206 USB_ID(SENAO, RT3070), 207 USB_ID(SENAO, RT3071), 208 USB_ID(SENAO, RT3072_1), 209 USB_ID(SENAO, RT3072_2), 210 USB_ID(SENAO, RT3072_3), 211 USB_ID(SENAO, RT3072_4), 212 USB_ID(SENAO, RT3072_5), 213 USB_ID(SITECOMEU, RT2770), 214 USB_ID(SITECOMEU, RT2870_1), 215 USB_ID(SITECOMEU, RT2870_2), 216 USB_ID(SITECOMEU, RT2870_3), 217 USB_ID(SITECOMEU, RT2870_4), 218 USB_ID(SITECOMEU, RT3070), 219 USB_ID(SITECOMEU, RT3070_2), 220 USB_ID(SITECOMEU, RT3070_3), 221 USB_ID(SITECOMEU, RT3070_4), 222 USB_ID(SITECOMEU, RT3072_1), 223 USB_ID(SITECOMEU, RT3072_2), 224 USB_ID(SITECOMEU, RT3072_3), 225 USB_ID(SITECOMEU, RT3072_4), 226 USB_ID(SITECOMEU, RT3072_5), 227 USB_ID(SITECOMEU, RT3072_6), 228 USB_ID(SITECOMEU, WL608), 229 USB_ID(SPARKLAN, RT2870_1), 230 USB_ID(SPARKLAN, RT3070), 231 USB_ID(SWEEX2, LW303), 232 USB_ID(SWEEX2, LW313), 233 USB_ID(UMEDIA, RT2870_1), 234 USB_ID(ZCOM, RT2870_1), 235 USB_ID(ZCOM, RT2870_2), 236 USB_ID(ZINWELL, RT2870_1), 237 USB_ID(ZINWELL, RT2870_2), 238 USB_ID(ZINWELL, RT3070), 239 USB_ID(ZINWELL, RT3072_1), 240 USB_ID(ZINWELL, RT3072_2), 241 USB_ID(ZYXEL, RT2870_1) 242 }; 243 244 int run_match(struct device *, void *, void *); 245 void run_attach(struct device *, struct device *, void *); 246 int run_detach(struct device *, int); 247 int run_alloc_rx_ring(struct run_softc *); 248 void run_free_rx_ring(struct run_softc *); 249 int run_alloc_tx_ring(struct run_softc *, int); 250 void run_free_tx_ring(struct run_softc *, int); 251 int run_load_microcode(struct run_softc *); 252 int run_reset(struct run_softc *); 253 int run_read(struct run_softc *, uint16_t, uint32_t *); 254 int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, 255 int); 256 int run_write_2(struct run_softc *, uint16_t, uint16_t); 257 int run_write(struct run_softc *, uint16_t, uint32_t); 258 int run_write_region_1(struct run_softc *, uint16_t, 259 const uint8_t *, int); 260 int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 261 int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 262 int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 263 int run_rt2870_rf_write(struct run_softc *, uint8_t, uint32_t); 264 int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 265 int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 266 int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 267 int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 268 int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 269 const char * run_get_rf(int); 270 int run_read_eeprom(struct run_softc *); 271 struct ieee80211_node *run_node_alloc(struct ieee80211com *); 272 int run_media_change(struct ifnet *); 273 void run_next_scan(void *); 274 void run_task(void *); 275 void run_do_async(struct run_softc *, void (*)(struct run_softc *, 276 void *), void *, int); 277 int run_newstate(struct ieee80211com *, enum ieee80211_state, int); 278 void run_newstate_cb(struct run_softc *, void *); 279 void run_updateedca(struct ieee80211com *); 280 void run_updateedca_cb(struct run_softc *, void *); 281 int run_set_key(struct ieee80211com *, struct ieee80211_node *, 282 struct ieee80211_key *); 283 void run_set_key_cb(struct run_softc *, void *); 284 void run_delete_key(struct ieee80211com *, struct ieee80211_node *, 285 struct ieee80211_key *); 286 void run_delete_key_cb(struct run_softc *, void *); 287 void run_calibrate_to(void *); 288 void run_calibrate_cb(struct run_softc *, void *); 289 void run_newassoc(struct ieee80211com *, struct ieee80211_node *, 290 int); 291 void run_rx_frame(struct run_softc *, uint8_t *, int); 292 void run_rxeof(usbd_xfer_handle, usbd_private_handle, usbd_status); 293 void run_txeof(usbd_xfer_handle, usbd_private_handle, usbd_status); 294 int run_tx(struct run_softc *, struct mbuf *, 295 struct ieee80211_node *); 296 void run_start(struct ifnet *); 297 void run_watchdog(struct ifnet *); 298 int run_ioctl(struct ifnet *, u_long, caddr_t); 299 void run_select_chan_group(struct run_softc *, int); 300 void run_set_rx_antenna(struct run_softc *, int); 301 void run_rt2870_set_chan(struct run_softc *, u_int); 302 void run_rt3070_set_chan(struct run_softc *, u_int); 303 int run_set_chan(struct run_softc *, struct ieee80211_channel *); 304 void run_enable_tsf_sync(struct run_softc *); 305 void run_enable_mrr(struct run_softc *); 306 void run_set_txpreamble(struct run_softc *); 307 void run_set_basicrates(struct run_softc *); 308 void run_set_leds(struct run_softc *, uint16_t); 309 void run_set_bssid(struct run_softc *, const uint8_t *); 310 void run_set_macaddr(struct run_softc *, const uint8_t *); 311 void run_updateslot(struct ieee80211com *); 312 void run_updateslot_cb(struct run_softc *, void *); 313 #if NBPFILTER > 0 314 int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 315 #endif 316 int run_bbp_init(struct run_softc *); 317 int run_rt3070_rf_init(struct run_softc *); 318 int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 319 uint8_t *); 320 int run_txrx_enable(struct run_softc *); 321 int run_init(struct ifnet *); 322 void run_stop(struct ifnet *, int); 323 324 struct cfdriver run_cd = { 325 NULL, "run", DV_IFNET 326 }; 327 328 const struct cfattach run_ca = { 329 sizeof (struct run_softc), run_match, run_attach, run_detach 330 }; 331 332 static const struct { 333 uint32_t reg; 334 uint32_t val; 335 } rt2870_def_mac[] = { 336 RT2870_DEF_MAC 337 }; 338 339 static const struct { 340 uint8_t reg; 341 uint8_t val; 342 } rt2860_def_bbp[] = { 343 RT2860_DEF_BBP 344 }; 345 346 static const struct rfprog { 347 uint8_t chan; 348 uint32_t r1, r2, r3, r4; 349 } rt2860_rf2850[] = { 350 RT2860_RF2850 351 }; 352 353 struct { 354 uint8_t n, r, k; 355 } run_rf3020_freqs[] = { 356 RT3070_RF3020 357 }; 358 359 static const struct { 360 uint8_t reg; 361 uint8_t val; 362 } rt3070_def_rf[] = { 363 RT3070_DEF_RF 364 }; 365 366 int 367 run_match(struct device *parent, void *match, void *aux) 368 { 369 struct usb_attach_arg *uaa = aux; 370 371 if (uaa->iface != NULL) 372 return UMATCH_NONE; 373 374 return (usb_lookup(run_devs, uaa->vendor, uaa->product) != NULL) ? 375 UMATCH_VENDOR_PRODUCT : UMATCH_NONE; 376 } 377 378 void 379 run_attach(struct device *parent, struct device *self, void *aux) 380 { 381 struct run_softc *sc = (struct run_softc *)self; 382 struct usb_attach_arg *uaa = aux; 383 struct ieee80211com *ic = &sc->sc_ic; 384 struct ifnet *ifp = &ic->ic_if; 385 usb_interface_descriptor_t *id; 386 usb_endpoint_descriptor_t *ed; 387 int i, nrx, ntx, ntries, error; 388 389 sc->sc_udev = uaa->device; 390 391 if (usbd_set_config_no(sc->sc_udev, 1, 0) != 0) { 392 printf("%s: could not set configuration no\n", 393 sc->sc_dev.dv_xname); 394 return; 395 } 396 397 /* get the first interface handle */ 398 error = usbd_device2interface_handle(sc->sc_udev, 0, &sc->sc_iface); 399 if (error != 0) { 400 printf("%s: could not get interface handle\n", 401 sc->sc_dev.dv_xname); 402 return; 403 } 404 405 /* 406 * Find all bulk endpoints. There are 7 bulk endpoints: 1 for RX 407 * and 6 for TX (4 EDCAs + HCCA + Prio). 408 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 409 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 410 */ 411 nrx = ntx = 0; 412 id = usbd_get_interface_descriptor(sc->sc_iface); 413 for (i = 0; i < id->bNumEndpoints; i++) { 414 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i); 415 if (ed == NULL || UE_GET_XFERTYPE(ed->bmAttributes) != UE_BULK) 416 continue; 417 418 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN) { 419 sc->rxq.pipe_no = ed->bEndpointAddress; 420 nrx++; 421 } else if (ntx < 4) { 422 sc->txq[ntx].pipe_no = ed->bEndpointAddress; 423 ntx++; 424 } 425 } 426 /* make sure we've got them all */ 427 if (nrx < 1 || ntx < 4) { 428 printf("%s: missing endpoint\n", sc->sc_dev.dv_xname); 429 return; 430 } 431 432 usb_init_task(&sc->sc_task, run_task, sc); 433 timeout_set(&sc->scan_to, run_next_scan, sc); 434 timeout_set(&sc->calib_to, run_calibrate_to, sc); 435 436 sc->amrr.amrr_min_success_threshold = 1; 437 sc->amrr.amrr_max_success_threshold = 10; 438 439 /* wait for the chip to settle */ 440 for (ntries = 0; ntries < 100; ntries++) { 441 if (run_read(sc, RT2860_ASIC_VER_ID, &sc->mac_rev) != 0) 442 return; 443 if (sc->mac_rev != 0 && sc->mac_rev != 0xffffffff) 444 break; 445 DELAY(10); 446 } 447 if (ntries == 100) { 448 printf("%s: timeout waiting for NIC to initialize\n", 449 sc->sc_dev.dv_xname); 450 return; 451 } 452 453 /* retrieve RF rev. no and various other things from EEPROM */ 454 run_read_eeprom(sc); 455 456 printf("%s: MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), " 457 "address %s\n", sc->sc_dev.dv_xname, sc->mac_rev >> 16, 458 sc->mac_rev & 0xffff, run_get_rf(sc->rf_rev), sc->ntxchains, 459 sc->nrxchains, ether_sprintf(ic->ic_myaddr)); 460 461 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 462 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 463 ic->ic_state = IEEE80211_S_INIT; 464 465 /* set device capabilities */ 466 ic->ic_caps = 467 IEEE80211_C_MONITOR | /* monitor mode supported */ 468 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 469 IEEE80211_C_SHSLOT | /* short slot time supported */ 470 IEEE80211_C_WEP | /* WEP */ 471 IEEE80211_C_RSN; /* WPA/RSN */ 472 473 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850) { 474 /* set supported .11a rates */ 475 ic->ic_sup_rates[IEEE80211_MODE_11A] = 476 ieee80211_std_rateset_11a; 477 478 /* set supported .11a channels */ 479 for (i = 14; i < nitems(rt2860_rf2850); i++) { 480 uint8_t chan = rt2860_rf2850[i].chan; 481 ic->ic_channels[chan].ic_freq = 482 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_5GHZ); 483 ic->ic_channels[chan].ic_flags = IEEE80211_CHAN_A; 484 } 485 } 486 487 /* set supported .11b and .11g rates */ 488 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 489 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 490 491 /* set supported .11b and .11g channels (1 through 14) */ 492 for (i = 1; i <= 14; i++) { 493 ic->ic_channels[i].ic_freq = 494 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 495 ic->ic_channels[i].ic_flags = 496 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 497 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 498 } 499 500 ifp->if_softc = sc; 501 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 502 ifp->if_init = run_init; 503 ifp->if_ioctl = run_ioctl; 504 ifp->if_start = run_start; 505 ifp->if_watchdog = run_watchdog; 506 IFQ_SET_READY(&ifp->if_snd); 507 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 508 509 if_attach(ifp); 510 ieee80211_ifattach(ifp); 511 ic->ic_node_alloc = run_node_alloc; 512 ic->ic_newassoc = run_newassoc; 513 ic->ic_updateslot = run_updateslot; 514 ic->ic_updateedca = run_updateedca; 515 ic->ic_set_key = run_set_key; 516 ic->ic_delete_key = run_delete_key; 517 /* override state transition machine */ 518 sc->sc_newstate = ic->ic_newstate; 519 ic->ic_newstate = run_newstate; 520 ieee80211_media_init(ifp, run_media_change, ieee80211_media_status); 521 522 #if NBPFILTER > 0 523 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 524 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 525 526 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 527 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 528 sc->sc_rxtap.wr_ihdr.it_present = htole32(RUN_RX_RADIOTAP_PRESENT); 529 530 sc->sc_txtap_len = sizeof sc->sc_txtapu; 531 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 532 sc->sc_txtap.wt_ihdr.it_present = htole32(RUN_TX_RADIOTAP_PRESENT); 533 #endif 534 535 usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->sc_udev, &sc->sc_dev); 536 } 537 538 int 539 run_detach(struct device *self, int flags) 540 { 541 struct run_softc *sc = (struct run_softc *)self; 542 struct ifnet *ifp = &sc->sc_ic.ic_if; 543 int qid, s; 544 545 s = splnet(); 546 547 /* wait for all queued asynchronous commands to complete */ 548 while (sc->cmdq.queued > 0) 549 tsleep(&sc->cmdq, 0, "cmdq", 0); 550 551 timeout_del(&sc->scan_to); 552 timeout_del(&sc->calib_to); 553 554 if (ifp->if_flags != 0) { /* if_attach() has been called */ 555 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 556 ieee80211_ifdetach(ifp); 557 if_detach(ifp); 558 } 559 560 for (qid = 0; qid < 4; qid++) 561 run_free_tx_ring(sc, qid); 562 run_free_rx_ring(sc); 563 564 splx(s); 565 566 usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->sc_udev, &sc->sc_dev); 567 568 return 0; 569 } 570 571 int 572 run_alloc_rx_ring(struct run_softc *sc) 573 { 574 struct run_rx_ring *rxq = &sc->rxq; 575 int i, error; 576 577 error = usbd_open_pipe(sc->sc_iface, rxq->pipe_no, 0, &rxq->pipeh); 578 if (error != 0) 579 goto fail; 580 581 for (i = 0; i < RUN_RX_RING_COUNT; i++) { 582 struct run_rx_data *data = &rxq->data[i]; 583 584 data->sc = sc; /* backpointer for callbacks */ 585 586 data->xfer = usbd_alloc_xfer(sc->sc_udev); 587 if (data->xfer == NULL) { 588 error = ENOMEM; 589 goto fail; 590 } 591 data->buf = usbd_alloc_buffer(data->xfer, RUN_MAX_RXSZ); 592 if (data->buf == NULL) { 593 error = ENOMEM; 594 goto fail; 595 } 596 } 597 if (error != 0) 598 fail: run_free_rx_ring(sc); 599 return error; 600 } 601 602 void 603 run_free_rx_ring(struct run_softc *sc) 604 { 605 struct run_rx_ring *rxq = &sc->rxq; 606 int i; 607 608 if (rxq->pipeh != NULL) { 609 usbd_abort_pipe(rxq->pipeh); 610 usbd_close_pipe(rxq->pipeh); 611 rxq->pipeh = NULL; 612 } 613 for (i = 0; i < RUN_RX_RING_COUNT; i++) { 614 if (rxq->data[i].xfer != NULL) 615 usbd_free_xfer(rxq->data[i].xfer); 616 rxq->data[i].xfer = NULL; 617 } 618 } 619 620 int 621 run_alloc_tx_ring(struct run_softc *sc, int qid) 622 { 623 struct run_tx_ring *txq = &sc->txq[qid]; 624 int i, error; 625 626 txq->cur = txq->queued = 0; 627 628 error = usbd_open_pipe(sc->sc_iface, txq->pipe_no, 0, &txq->pipeh); 629 if (error != 0) 630 goto fail; 631 632 for (i = 0; i < RUN_TX_RING_COUNT; i++) { 633 struct run_tx_data *data = &txq->data[i]; 634 635 data->sc = sc; /* backpointer for callbacks */ 636 data->qid = qid; 637 638 data->xfer = usbd_alloc_xfer(sc->sc_udev); 639 if (data->xfer == NULL) { 640 error = ENOMEM; 641 goto fail; 642 } 643 data->buf = usbd_alloc_buffer(data->xfer, RUN_MAX_TXSZ); 644 if (data->buf == NULL) { 645 error = ENOMEM; 646 goto fail; 647 } 648 /* zeroize the TXD + TXWI part */ 649 memset(data->buf, 0, sizeof (struct rt2870_txd) + 650 sizeof (struct rt2860_txwi)); 651 } 652 if (error != 0) 653 fail: run_free_tx_ring(sc, qid); 654 return error; 655 } 656 657 void 658 run_free_tx_ring(struct run_softc *sc, int qid) 659 { 660 struct run_tx_ring *txq = &sc->txq[qid]; 661 int i; 662 663 if (txq->pipeh != NULL) { 664 usbd_abort_pipe(txq->pipeh); 665 usbd_close_pipe(txq->pipeh); 666 txq->pipeh = NULL; 667 } 668 for (i = 0; i < RUN_TX_RING_COUNT; i++) { 669 if (txq->data[i].xfer != NULL) 670 usbd_free_xfer(txq->data[i].xfer); 671 txq->data[i].xfer = NULL; 672 } 673 } 674 675 int 676 run_load_microcode(struct run_softc *sc) 677 { 678 usb_device_request_t req; 679 const char *fwname; 680 u_char *ucode; 681 size_t size; 682 uint32_t tmp; 683 int ntries, error; 684 685 /* RT3071/RT3072 use a different firmware */ 686 if ((sc->mac_rev >> 16) != 0x2860 && 687 (sc->mac_rev >> 16) != 0x2872 && 688 (sc->mac_rev >> 16) != 0x3070) 689 fwname = "run-rt3071"; 690 else 691 fwname = "run-rt2870"; 692 693 if ((error = loadfirmware(fwname, &ucode, &size)) != 0) { 694 printf("%s: failed loadfirmware of file %s (error %d)\n", 695 sc->sc_dev.dv_xname, fwname, error); 696 return error; 697 } 698 if (size != 4096) { 699 printf("%s: invalid firmware size (should be 4KB)\n", 700 sc->sc_dev.dv_xname); 701 free(ucode, M_DEVBUF); 702 return EINVAL; 703 } 704 705 run_read(sc, RT2860_ASIC_VER_ID, &tmp); 706 /* write microcode image */ 707 run_write_region_1(sc, RT2870_FW_BASE, ucode, size); 708 free(ucode, M_DEVBUF); 709 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 710 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 711 712 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 713 req.bRequest = RT2870_RESET; 714 USETW(req.wValue, 8); 715 USETW(req.wIndex, 0); 716 USETW(req.wLength, 0); 717 if ((error = usbd_do_request(sc->sc_udev, &req, NULL)) != 0) 718 return error; 719 720 usbd_delay_ms(sc->sc_udev, 10); 721 run_write(sc, RT2860_H2M_MAILBOX, 0); 722 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_BOOT, 0)) != 0) 723 return error; 724 725 /* wait until microcontroller is ready */ 726 for (ntries = 0; ntries < 1000; ntries++) { 727 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 728 return error; 729 if (tmp & RT2860_MCU_READY) 730 break; 731 DELAY(1000); 732 } 733 if (ntries == 1000) { 734 printf("%s: timeout waiting for MCU to initialize\n", 735 sc->sc_dev.dv_xname); 736 return ETIMEDOUT; 737 } 738 DPRINTF(("microcode successfully loaded after %d tries\n", ntries)); 739 return 0; 740 } 741 742 int 743 run_reset(struct run_softc *sc) 744 { 745 usb_device_request_t req; 746 747 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 748 req.bRequest = RT2870_RESET; 749 USETW(req.wValue, 1); 750 USETW(req.wIndex, 0); 751 USETW(req.wLength, 0); 752 return usbd_do_request(sc->sc_udev, &req, NULL); 753 } 754 755 int 756 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 757 { 758 uint32_t tmp; 759 int error; 760 761 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 762 if (error == 0) 763 *val = letoh32(tmp); 764 else 765 *val = 0xffffffff; 766 return error; 767 } 768 769 int 770 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 771 { 772 usb_device_request_t req; 773 774 req.bmRequestType = UT_READ_VENDOR_DEVICE; 775 req.bRequest = RT2870_READ_REGION_1; 776 USETW(req.wValue, 0); 777 USETW(req.wIndex, reg); 778 USETW(req.wLength, len); 779 return usbd_do_request(sc->sc_udev, &req, buf); 780 } 781 782 int 783 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 784 { 785 usb_device_request_t req; 786 787 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 788 req.bRequest = RT2870_WRITE_2; 789 USETW(req.wValue, val); 790 USETW(req.wIndex, reg); 791 USETW(req.wLength, 0); 792 return usbd_do_request(sc->sc_udev, &req, NULL); 793 } 794 795 int 796 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 797 { 798 int error; 799 800 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 801 error = run_write_2(sc, reg + 2, val >> 16); 802 return error; 803 } 804 805 int 806 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 807 int len) 808 { 809 #if 1 810 int i, error = 0; 811 /* 812 * NB: the WRITE_REGION_1 command is not stable on RT2860. 813 * We thus issue multiple WRITE_2 commands instead. 814 */ 815 KASSERT((len & 1) == 0); 816 for (i = 0; i < len && error == 0; i += 2) 817 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 818 return error; 819 #else 820 usb_device_request_t req; 821 822 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 823 req.bRequest = RT2870_WRITE_REGION_1; 824 USETW(req.wValue, 0); 825 USETW(req.wIndex, reg); 826 USETW(req.wLength, len); 827 return usbd_do_request(sc->sc_udev, &req, buf); 828 #endif 829 } 830 831 int 832 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 833 { 834 int i, error = 0; 835 836 KASSERT((len & 3) == 0); 837 for (i = 0; i < len && error == 0; i += 4) 838 error = run_write(sc, reg + i, val); 839 return error; 840 } 841 842 /* Read 16-bit from eFUSE ROM (RT3070 only.) */ 843 int 844 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 845 { 846 uint32_t tmp; 847 uint16_t reg; 848 int error, ntries; 849 850 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 851 return error; 852 853 addr *= 2; 854 /*- 855 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 856 * DATA0: F E D C 857 * DATA1: B A 9 8 858 * DATA2: 7 6 5 4 859 * DATA3: 3 2 1 0 860 */ 861 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 862 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 863 run_write(sc, RT3070_EFUSE_CTRL, tmp); 864 for (ntries = 0; ntries < 100; ntries++) { 865 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 866 return error; 867 if (!(tmp & RT3070_EFSROM_KICK)) 868 break; 869 DELAY(2); 870 } 871 if (ntries == 100) 872 return ETIMEDOUT; 873 874 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 875 *val = 0xffff; /* address not found */ 876 return 0; 877 } 878 /* determine to which 32-bit register our 16-bit word belongs */ 879 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 880 if ((error = run_read(sc, reg, &tmp)) != 0) 881 return error; 882 883 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 884 return 0; 885 } 886 887 int 888 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 889 { 890 usb_device_request_t req; 891 uint16_t tmp; 892 int error; 893 894 addr *= 2; 895 req.bmRequestType = UT_READ_VENDOR_DEVICE; 896 req.bRequest = RT2870_EEPROM_READ; 897 USETW(req.wValue, 0); 898 USETW(req.wIndex, addr); 899 USETW(req.wLength, sizeof tmp); 900 error = usbd_do_request(sc->sc_udev, &req, &tmp); 901 if (error == 0) 902 *val = letoh16(tmp); 903 else 904 *val = 0xffff; 905 return error; 906 } 907 908 static __inline int 909 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 910 { 911 /* either eFUSE ROM or EEPROM */ 912 return sc->sc_srom_read(sc, addr, val); 913 } 914 915 int 916 run_rt2870_rf_write(struct run_softc *sc, uint8_t reg, uint32_t val) 917 { 918 uint32_t tmp; 919 int error, ntries; 920 921 for (ntries = 0; ntries < 10; ntries++) { 922 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 923 return error; 924 if (!(tmp & RT2860_RF_REG_CTRL)) 925 break; 926 } 927 if (ntries == 10) 928 return ETIMEDOUT; 929 930 /* RF registers are 24-bit on the RT2860 */ 931 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT | 932 (val & 0x3fffff) << 2 | (reg & 3); 933 return run_write(sc, RT2860_RF_CSR_CFG0, tmp); 934 } 935 936 int 937 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 938 { 939 uint32_t tmp; 940 int error, ntries; 941 942 for (ntries = 0; ntries < 100; ntries++) { 943 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 944 return error; 945 if (!(tmp & RT3070_RF_KICK)) 946 break; 947 } 948 if (ntries == 100) 949 return ETIMEDOUT; 950 951 tmp = RT3070_RF_KICK | reg << 8; 952 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 953 return error; 954 955 for (ntries = 0; ntries < 100; ntries++) { 956 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 957 return error; 958 if (!(tmp & RT3070_RF_KICK)) 959 break; 960 } 961 if (ntries == 100) 962 return ETIMEDOUT; 963 964 *val = tmp & 0xff; 965 return 0; 966 } 967 968 int 969 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 970 { 971 uint32_t tmp; 972 int error, ntries; 973 974 for (ntries = 0; ntries < 10; ntries++) { 975 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 976 return error; 977 if (!(tmp & RT3070_RF_KICK)) 978 break; 979 } 980 if (ntries == 10) 981 return ETIMEDOUT; 982 983 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 984 return run_write(sc, RT3070_RF_CSR_CFG, tmp); 985 } 986 987 int 988 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 989 { 990 uint32_t tmp; 991 int ntries, error; 992 993 for (ntries = 0; ntries < 10; ntries++) { 994 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 995 return error; 996 if (!(tmp & RT2860_BBP_CSR_KICK)) 997 break; 998 } 999 if (ntries == 10) 1000 return ETIMEDOUT; 1001 1002 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1003 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1004 return error; 1005 1006 for (ntries = 0; ntries < 10; ntries++) { 1007 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1008 return error; 1009 if (!(tmp & RT2860_BBP_CSR_KICK)) 1010 break; 1011 } 1012 if (ntries == 10) 1013 return ETIMEDOUT; 1014 1015 *val = tmp & 0xff; 1016 return 0; 1017 } 1018 1019 int 1020 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1021 { 1022 uint32_t tmp; 1023 int ntries, error; 1024 1025 for (ntries = 0; ntries < 10; ntries++) { 1026 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1027 return error; 1028 if (!(tmp & RT2860_BBP_CSR_KICK)) 1029 break; 1030 } 1031 if (ntries == 10) 1032 return ETIMEDOUT; 1033 1034 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1035 return run_write(sc, RT2860_BBP_CSR_CFG, tmp); 1036 } 1037 1038 /* 1039 * Send a command to the 8051 microcontroller unit. 1040 */ 1041 int 1042 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1043 { 1044 uint32_t tmp; 1045 int error, ntries; 1046 1047 for (ntries = 0; ntries < 100; ntries++) { 1048 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1049 return error; 1050 if (!(tmp & RT2860_H2M_BUSY)) 1051 break; 1052 } 1053 if (ntries == 100) 1054 return ETIMEDOUT; 1055 1056 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1057 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1058 error = run_write(sc, RT2860_HOST_CMD, cmd); 1059 return error; 1060 } 1061 1062 /* 1063 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1064 * Used to adjust per-rate Tx power registers. 1065 */ 1066 static __inline uint32_t 1067 b4inc(uint32_t b32, int8_t delta) 1068 { 1069 int8_t i, b4; 1070 1071 for (i = 0; i < 8; i++) { 1072 b4 = b32 & 0xf; 1073 b4 += delta; 1074 if (b4 < 0) 1075 b4 = 0; 1076 else if (b4 > 0xf) 1077 b4 = 0xf; 1078 b32 = b32 >> 4 | b4 << 28; 1079 } 1080 return b32; 1081 } 1082 1083 const char * 1084 run_get_rf(int rev) 1085 { 1086 switch (rev) { 1087 case RT2860_RF_2820: return "RT2820"; 1088 case RT2860_RF_2850: return "RT2850"; 1089 case RT2860_RF_2720: return "RT2720"; 1090 case RT2860_RF_2750: return "RT2750"; 1091 case RT3070_RF_3020: return "RT3020"; 1092 case RT3070_RF_2020: return "RT2020"; 1093 case RT3070_RF_3021: return "RT3021"; 1094 case RT3070_RF_3022: return "RT3022"; 1095 case RT3070_RF_3052: return "RT3052"; 1096 } 1097 return "unknown"; 1098 } 1099 1100 int 1101 run_read_eeprom(struct run_softc *sc) 1102 { 1103 struct ieee80211com *ic = &sc->sc_ic; 1104 int8_t delta_2ghz, delta_5ghz; 1105 uint32_t tmp; 1106 uint16_t val; 1107 int ridx, ant, i; 1108 1109 /* check whether the ROM is eFUSE ROM or EEPROM */ 1110 sc->sc_srom_read = run_eeprom_read_2; 1111 if ((sc->mac_rev & 0xfff00000) >= 0x30700000) { 1112 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1113 DPRINTF(("EFUSE_CTRL=0x%08x\n", tmp)); 1114 if (tmp & RT3070_SEL_EFUSE) 1115 sc->sc_srom_read = run_efuse_read_2; 1116 } 1117 1118 /* read ROM version */ 1119 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1120 DPRINTF(("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8)); 1121 1122 /* read MAC address */ 1123 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1124 ic->ic_myaddr[0] = val & 0xff; 1125 ic->ic_myaddr[1] = val >> 8; 1126 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1127 ic->ic_myaddr[2] = val & 0xff; 1128 ic->ic_myaddr[3] = val >> 8; 1129 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1130 ic->ic_myaddr[4] = val & 0xff; 1131 ic->ic_myaddr[5] = val >> 8; 1132 1133 /* read default BBP settings */ 1134 for (i = 0; i < 8; i++) { 1135 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1136 sc->bbp[i].val = val & 0xff; 1137 sc->bbp[i].reg = val >> 8; 1138 DPRINTF(("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val)); 1139 } 1140 1141 /* read RF frequency offset from EEPROM */ 1142 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1143 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1144 DPRINTF(("EEPROM freq offset %d\n", sc->freq & 0xff)); 1145 1146 if ((sc->leds = val >> 8) != 0xff) { 1147 /* read LEDs operating mode */ 1148 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1149 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1150 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1151 } else { 1152 /* broken EEPROM, use default settings */ 1153 sc->leds = 0x01; 1154 sc->led[0] = 0x5555; 1155 sc->led[1] = 0x2221; 1156 sc->led[2] = 0x5627; /* differs from RT2860 */ 1157 } 1158 DPRINTF(("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1159 sc->leds, sc->led[0], sc->led[1], sc->led[2])); 1160 1161 /* read RF information */ 1162 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1163 if (val == 0xffff) { 1164 DPRINTF(("invalid EEPROM antenna info, using default\n")); 1165 if ((sc->mac_rev >> 16) >= 0x3070) { 1166 /* default to RF3020 1T1R */ 1167 sc->rf_rev = RT3070_RF_3020; 1168 sc->ntxchains = 1; 1169 sc->nrxchains = 1; 1170 } else { 1171 /* default to RF2820 1T2R */ 1172 sc->rf_rev = RT2860_RF_2820; 1173 sc->ntxchains = 1; 1174 sc->nrxchains = 2; 1175 } 1176 } else { 1177 sc->rf_rev = (val >> 8) & 0xf; 1178 sc->ntxchains = (val >> 4) & 0xf; 1179 sc->nrxchains = val & 0xf; 1180 } 1181 DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1182 sc->rf_rev, sc->ntxchains, sc->nrxchains)); 1183 1184 /* check if RF supports automatic Tx access gain control */ 1185 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1186 DPRINTF(("EEPROM CFG 0x%04x\n", val)); 1187 if ((val & 0xff) != 0xff) { 1188 sc->ext_5ghz_lna = (val >> 3) & 1; 1189 sc->ext_2ghz_lna = (val >> 2) & 1; 1190 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1191 } 1192 1193 /* read power settings for 2GHz channels */ 1194 for (i = 0; i < 14; i += 2) { 1195 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1196 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1197 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1198 1199 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1200 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1201 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1202 } 1203 /* fix broken Tx power entries */ 1204 for (i = 0; i < 14; i++) { 1205 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1206 sc->txpow1[i] = 5; 1207 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1208 sc->txpow2[i] = 5; 1209 DPRINTF(("chan %d: power1=%d, power2=%d\n", 1210 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i])); 1211 } 1212 /* read power settings for 5GHz channels */ 1213 for (i = 0; i < 36; i += 2) { 1214 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1215 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1216 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1217 1218 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1219 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1220 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1221 } 1222 /* fix broken Tx power entries */ 1223 for (i = 0; i < 36; i++) { 1224 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1225 sc->txpow1[14 + i] = 5; 1226 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1227 sc->txpow2[14 + i] = 5; 1228 DPRINTF(("chan %d: power1=%d, power2=%d\n", 1229 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1230 sc->txpow2[14 + i])); 1231 } 1232 1233 /* read Tx power compensation for each Tx rate */ 1234 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1235 delta_2ghz = delta_5ghz = 0; 1236 if ((val & 0xff) != 0xff && (val & 0x80)) { 1237 delta_2ghz = val & 0xf; 1238 if (!(val & 0x40)) /* negative number */ 1239 delta_2ghz = -delta_2ghz; 1240 } 1241 val >>= 8; 1242 if ((val & 0xff) != 0xff && (val & 0x80)) { 1243 delta_5ghz = val & 0xf; 1244 if (!(val & 0x40)) /* negative number */ 1245 delta_5ghz = -delta_5ghz; 1246 } 1247 DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n", 1248 delta_2ghz, delta_5ghz)); 1249 1250 for (ridx = 0; ridx < 5; ridx++) { 1251 uint32_t reg; 1252 1253 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx, &val); 1254 reg = (uint32_t)val << 16; 1255 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx + 1, &val); 1256 reg |= val; 1257 1258 sc->txpow20mhz[ridx] = reg; 1259 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1260 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1261 1262 DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1263 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1264 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx])); 1265 } 1266 1267 /* read RSSI offsets and LNA gains from EEPROM */ 1268 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1269 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1270 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1271 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1272 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1273 sc->lna[2] = val >> 8; /* channel group 2 */ 1274 1275 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1276 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1277 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1278 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1279 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1280 sc->lna[3] = val >> 8; /* channel group 3 */ 1281 1282 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1283 sc->lna[0] = val & 0xff; /* channel group 0 */ 1284 sc->lna[1] = val >> 8; /* channel group 1 */ 1285 1286 /* fix broken 5GHz LNA entries */ 1287 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1288 DPRINTF(("invalid LNA for channel group %d\n", 2)); 1289 sc->lna[2] = sc->lna[1]; 1290 } 1291 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1292 DPRINTF(("invalid LNA for channel group %d\n", 3)); 1293 sc->lna[3] = sc->lna[1]; 1294 } 1295 1296 /* fix broken RSSI offset entries */ 1297 for (ant = 0; ant < 3; ant++) { 1298 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1299 DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n", 1300 ant + 1, sc->rssi_2ghz[ant])); 1301 sc->rssi_2ghz[ant] = 0; 1302 } 1303 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1304 DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n", 1305 ant + 1, sc->rssi_5ghz[ant])); 1306 sc->rssi_5ghz[ant] = 0; 1307 } 1308 } 1309 return 0; 1310 } 1311 1312 struct ieee80211_node * 1313 run_node_alloc(struct ieee80211com *ic) 1314 { 1315 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1316 } 1317 1318 int 1319 run_media_change(struct ifnet *ifp) 1320 { 1321 struct run_softc *sc = ifp->if_softc; 1322 struct ieee80211com *ic = &sc->sc_ic; 1323 uint8_t rate, ridx; 1324 int error; 1325 1326 error = ieee80211_media_change(ifp); 1327 if (error != ENETRESET) 1328 return error; 1329 1330 if (ic->ic_fixed_rate != -1) { 1331 rate = ic->ic_sup_rates[ic->ic_curmode]. 1332 rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 1333 for (ridx = 0; ridx <= RT2860_RIDX_MAX; ridx++) 1334 if (rt2860_rates[ridx].rate == rate) 1335 break; 1336 sc->fixed_ridx = ridx; 1337 } 1338 1339 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1340 (IFF_UP | IFF_RUNNING)) { 1341 run_stop(ifp, 0); 1342 run_init(ifp); 1343 } 1344 1345 return 0; 1346 } 1347 1348 void 1349 run_next_scan(void *arg) 1350 { 1351 struct run_softc *sc = arg; 1352 1353 if (sc->sc_ic.ic_state == IEEE80211_S_SCAN) 1354 ieee80211_next_scan(&sc->sc_ic.ic_if); 1355 } 1356 1357 void 1358 run_task(void *arg) 1359 { 1360 struct run_softc *sc = arg; 1361 struct run_host_cmd_ring *ring = &sc->cmdq; 1362 struct run_host_cmd *cmd; 1363 int s; 1364 1365 /* process host commands */ 1366 s = splusb(); 1367 while (ring->next != ring->cur) { 1368 cmd = &ring->cmd[ring->next]; 1369 splx(s); 1370 /* callback */ 1371 cmd->cb(sc, cmd->data); 1372 s = splusb(); 1373 ring->queued--; 1374 ring->next = (ring->next + 1) % RUN_HOST_CMD_RING_COUNT; 1375 } 1376 wakeup(ring); 1377 splx(s); 1378 } 1379 1380 void 1381 run_do_async(struct run_softc *sc, void (*cb)(struct run_softc *, void *), 1382 void *arg, int len) 1383 { 1384 struct run_host_cmd_ring *ring = &sc->cmdq; 1385 struct run_host_cmd *cmd; 1386 int s; 1387 1388 s = splusb(); 1389 cmd = &ring->cmd[ring->cur]; 1390 cmd->cb = cb; 1391 KASSERT(len <= sizeof (cmd->data)); 1392 memcpy(cmd->data, arg, len); 1393 ring->cur = (ring->cur + 1) % RUN_HOST_CMD_RING_COUNT; 1394 1395 /* if there is no pending command already, schedule a task */ 1396 if (++ring->queued == 1) 1397 usb_add_task(sc->sc_udev, &sc->sc_task); 1398 splx(s); 1399 } 1400 1401 int 1402 run_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1403 { 1404 struct run_softc *sc = ic->ic_softc; 1405 struct run_cmd_newstate cmd; 1406 1407 /* do it in a process context */ 1408 cmd.state = nstate; 1409 cmd.arg = arg; 1410 run_do_async(sc, run_newstate_cb, &cmd, sizeof cmd); 1411 return 0; 1412 } 1413 1414 void 1415 run_newstate_cb(struct run_softc *sc, void *arg) 1416 { 1417 struct run_cmd_newstate *cmd = arg; 1418 struct ieee80211com *ic = &sc->sc_ic; 1419 enum ieee80211_state ostate; 1420 struct ieee80211_node *ni; 1421 uint32_t tmp, sta[3]; 1422 uint8_t wcid; 1423 int s; 1424 1425 s = splnet(); 1426 ostate = ic->ic_state; 1427 1428 if (ostate == IEEE80211_S_RUN) { 1429 /* turn link LED off */ 1430 run_set_leds(sc, RT2860_LED_RADIO); 1431 } 1432 1433 switch (cmd->state) { 1434 case IEEE80211_S_INIT: 1435 if (ostate == IEEE80211_S_RUN) { 1436 /* abort TSF synchronization */ 1437 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1438 run_write(sc, RT2860_BCN_TIME_CFG, 1439 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1440 RT2860_TBTT_TIMER_EN)); 1441 } 1442 break; 1443 1444 case IEEE80211_S_SCAN: 1445 run_set_chan(sc, ic->ic_bss->ni_chan); 1446 timeout_add_msec(&sc->scan_to, 200); 1447 break; 1448 1449 case IEEE80211_S_AUTH: 1450 case IEEE80211_S_ASSOC: 1451 run_set_chan(sc, ic->ic_bss->ni_chan); 1452 break; 1453 1454 case IEEE80211_S_RUN: 1455 run_set_chan(sc, ic->ic_bss->ni_chan); 1456 1457 ni = ic->ic_bss; 1458 1459 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 1460 run_updateslot(ic); 1461 run_enable_mrr(sc); 1462 run_set_txpreamble(sc); 1463 run_set_basicrates(sc); 1464 run_set_bssid(sc, ni->ni_bssid); 1465 } 1466 if (ic->ic_opmode == IEEE80211_M_STA) { 1467 /* add BSS entry to the WCID table */ 1468 wcid = RUN_AID2WCID(ni->ni_associd); 1469 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 1470 ni->ni_macaddr, IEEE80211_ADDR_LEN); 1471 1472 /* fake a join to init the tx rate */ 1473 run_newassoc(ic, ni, 1); 1474 } 1475 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 1476 run_enable_tsf_sync(sc); 1477 1478 /* clear statistic registers used by AMRR */ 1479 run_read_region_1(sc, RT2860_TX_STA_CNT0, 1480 (uint8_t *)sta, sizeof sta); 1481 /* start calibration timer */ 1482 timeout_add_sec(&sc->calib_to, 1); 1483 } 1484 1485 /* turn link LED on */ 1486 run_set_leds(sc, RT2860_LED_RADIO | 1487 (IEEE80211_IS_CHAN_2GHZ(ic->ic_bss->ni_chan) ? 1488 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 1489 break; 1490 } 1491 (void)sc->sc_newstate(ic, cmd->state, cmd->arg); 1492 splx(s); 1493 } 1494 1495 void 1496 run_updateedca(struct ieee80211com *ic) 1497 { 1498 /* do it in a process context */ 1499 run_do_async(ic->ic_softc, run_updateedca_cb, NULL, 0); 1500 } 1501 1502 /* ARGSUSED */ 1503 void 1504 run_updateedca_cb(struct run_softc *sc, void *arg) 1505 { 1506 struct ieee80211com *ic = &sc->sc_ic; 1507 int s, aci; 1508 1509 s = splnet(); 1510 /* update MAC TX configuration registers */ 1511 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 1512 run_write(sc, RT2860_EDCA_AC_CFG(aci), 1513 ic->ic_edca_ac[aci].ac_ecwmax << 16 | 1514 ic->ic_edca_ac[aci].ac_ecwmin << 12 | 1515 ic->ic_edca_ac[aci].ac_aifsn << 8 | 1516 ic->ic_edca_ac[aci].ac_txoplimit); 1517 } 1518 1519 /* update SCH/DMA registers too */ 1520 run_write(sc, RT2860_WMM_AIFSN_CFG, 1521 ic->ic_edca_ac[EDCA_AC_VO].ac_aifsn << 12 | 1522 ic->ic_edca_ac[EDCA_AC_VI].ac_aifsn << 8 | 1523 ic->ic_edca_ac[EDCA_AC_BK].ac_aifsn << 4 | 1524 ic->ic_edca_ac[EDCA_AC_BE].ac_aifsn); 1525 run_write(sc, RT2860_WMM_CWMIN_CFG, 1526 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmin << 12 | 1527 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmin << 8 | 1528 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmin << 4 | 1529 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmin); 1530 run_write(sc, RT2860_WMM_CWMAX_CFG, 1531 ic->ic_edca_ac[EDCA_AC_VO].ac_ecwmax << 12 | 1532 ic->ic_edca_ac[EDCA_AC_VI].ac_ecwmax << 8 | 1533 ic->ic_edca_ac[EDCA_AC_BK].ac_ecwmax << 4 | 1534 ic->ic_edca_ac[EDCA_AC_BE].ac_ecwmax); 1535 run_write(sc, RT2860_WMM_TXOP0_CFG, 1536 ic->ic_edca_ac[EDCA_AC_BK].ac_txoplimit << 16 | 1537 ic->ic_edca_ac[EDCA_AC_BE].ac_txoplimit); 1538 run_write(sc, RT2860_WMM_TXOP1_CFG, 1539 ic->ic_edca_ac[EDCA_AC_VO].ac_txoplimit << 16 | 1540 ic->ic_edca_ac[EDCA_AC_VI].ac_txoplimit); 1541 splx(s); 1542 } 1543 1544 int 1545 run_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 1546 struct ieee80211_key *k) 1547 { 1548 struct run_softc *sc = ic->ic_softc; 1549 struct run_cmd_key cmd; 1550 1551 /* defer setting of WEP keys until interface is brought up */ 1552 if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) != 1553 (IFF_UP | IFF_RUNNING)) 1554 return 0; 1555 1556 /* do it in a process context */ 1557 cmd.key = *k; 1558 cmd.associd = (ni != NULL) ? ni->ni_associd : 0; 1559 run_do_async(sc, run_set_key_cb, &cmd, sizeof cmd); 1560 return 0; 1561 } 1562 1563 void 1564 run_set_key_cb(struct run_softc *sc, void *arg) 1565 { 1566 struct run_cmd_key *cmd = arg; 1567 struct ieee80211_key *k = &cmd->key; 1568 uint32_t attr; 1569 uint16_t base; 1570 uint8_t mode, wcid, iv[8]; 1571 1572 /* map net80211 cipher to RT2860 security mode */ 1573 switch (k->k_cipher) { 1574 case IEEE80211_CIPHER_WEP40: 1575 mode = RT2860_MODE_WEP40; 1576 break; 1577 case IEEE80211_CIPHER_WEP104: 1578 mode = RT2860_MODE_WEP104; 1579 break; 1580 case IEEE80211_CIPHER_TKIP: 1581 mode = RT2860_MODE_TKIP; 1582 break; 1583 case IEEE80211_CIPHER_CCMP: 1584 mode = RT2860_MODE_AES_CCMP; 1585 break; 1586 default: 1587 return; 1588 } 1589 1590 if (k->k_flags & IEEE80211_KEY_GROUP) { 1591 wcid = 0; /* NB: update WCID0 for group keys */ 1592 base = RT2860_SKEY(0, k->k_id); 1593 } else { 1594 wcid = RUN_AID2WCID(cmd->associd); 1595 base = RT2860_PKEY(wcid); 1596 } 1597 1598 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 1599 run_write_region_1(sc, base, k->k_key, 16); 1600 run_write_region_1(sc, base + 16, &k->k_key[24], 8); 1601 run_write_region_1(sc, base + 24, &k->k_key[16], 8); 1602 } else { 1603 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 1604 run_write_region_1(sc, base, k->k_key, (k->k_len + 1) & ~1); 1605 } 1606 1607 if (!(k->k_flags & IEEE80211_KEY_GROUP) || 1608 (k->k_flags & IEEE80211_KEY_TX)) { 1609 /* set initial packet number in IV+EIV */ 1610 if (k->k_cipher == IEEE80211_CIPHER_WEP40 || 1611 k->k_cipher == IEEE80211_CIPHER_WEP104) { 1612 memset(iv, 0, sizeof iv); 1613 iv[3] = sc->sc_ic.ic_def_txkey << 6; 1614 } else { 1615 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 1616 iv[0] = k->k_tsc >> 8; 1617 iv[1] = (iv[0] | 0x20) & 0x7f; 1618 iv[2] = k->k_tsc; 1619 } else /* CCMP */ { 1620 iv[0] = k->k_tsc; 1621 iv[1] = k->k_tsc >> 8; 1622 iv[2] = 0; 1623 } 1624 iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 1625 iv[4] = k->k_tsc >> 16; 1626 iv[5] = k->k_tsc >> 24; 1627 iv[6] = k->k_tsc >> 32; 1628 iv[7] = k->k_tsc >> 40; 1629 } 1630 run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8); 1631 } 1632 1633 if (k->k_flags & IEEE80211_KEY_GROUP) { 1634 /* install group key */ 1635 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 1636 attr &= ~(0xf << (k->k_id * 4)); 1637 attr |= mode << (k->k_id * 4); 1638 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 1639 } else { 1640 /* install pairwise key */ 1641 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 1642 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 1643 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 1644 } 1645 } 1646 1647 void 1648 run_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 1649 struct ieee80211_key *k) 1650 { 1651 struct run_softc *sc = ic->ic_softc; 1652 struct run_cmd_key cmd; 1653 1654 if (!(ic->ic_if.if_flags & IFF_RUNNING) || 1655 ic->ic_state != IEEE80211_S_RUN) 1656 return; /* nothing to do */ 1657 1658 /* do it in a process context */ 1659 cmd.key = *k; 1660 cmd.associd = (ni != NULL) ? ni->ni_associd : 0; 1661 run_do_async(sc, run_delete_key_cb, &cmd, sizeof cmd); 1662 } 1663 1664 void 1665 run_delete_key_cb(struct run_softc *sc, void *arg) 1666 { 1667 struct run_cmd_key *cmd = arg; 1668 struct ieee80211_key *k = &cmd->key; 1669 uint32_t attr; 1670 uint8_t wcid; 1671 1672 if (k->k_flags & IEEE80211_KEY_GROUP) { 1673 /* remove group key */ 1674 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 1675 attr &= ~(0xf << (k->k_id * 4)); 1676 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 1677 1678 } else { 1679 /* remove pairwise key */ 1680 wcid = RUN_AID2WCID(cmd->associd); 1681 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 1682 attr &= ~0xf; 1683 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 1684 } 1685 } 1686 1687 void 1688 run_calibrate_to(void *arg) 1689 { 1690 /* do it in a process context */ 1691 run_do_async(arg, run_calibrate_cb, NULL, 0); 1692 /* next timeout will be rescheduled in the calibration task */ 1693 } 1694 1695 /* ARGSUSED */ 1696 void 1697 run_calibrate_cb(struct run_softc *sc, void *arg) 1698 { 1699 struct ifnet *ifp = &sc->sc_ic.ic_if; 1700 uint32_t sta[3]; 1701 int s, error; 1702 1703 /* read statistic counters (clear on read) and update AMRR state */ 1704 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 1705 sizeof sta); 1706 if (error != 0) 1707 goto skip; 1708 1709 DPRINTF(("retrycnt=%d txcnt=%d failcnt=%d\n", 1710 letoh32(sta[1]) >> 16, letoh32(sta[1]) & 0xffff, 1711 letoh32(sta[0]) & 0xffff)); 1712 1713 s = splnet(); 1714 /* count failed TX as errors */ 1715 ifp->if_oerrors += letoh32(sta[0]) & 0xffff; 1716 1717 sc->amn.amn_retrycnt = 1718 (letoh32(sta[0]) & 0xffff) + /* failed TX count */ 1719 (letoh32(sta[1]) >> 16); /* TX retransmission count */ 1720 1721 sc->amn.amn_txcnt = 1722 sc->amn.amn_retrycnt + 1723 (letoh32(sta[1]) & 0xffff); /* successful TX count */ 1724 1725 ieee80211_amrr_choose(&sc->amrr, sc->sc_ic.ic_bss, &sc->amn); 1726 splx(s); 1727 1728 skip: timeout_add_sec(&sc->calib_to, 1); 1729 } 1730 1731 void 1732 run_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 1733 { 1734 struct run_softc *sc = ic->ic_softc; 1735 struct run_node *rn = (void *)ni; 1736 struct ieee80211_rateset *rs = &ni->ni_rates; 1737 uint8_t rate; 1738 int ridx, i, j; 1739 1740 DPRINTF(("new assoc isnew=%d addr=%s\n", 1741 isnew, ether_sprintf(ni->ni_macaddr))); 1742 1743 ieee80211_amrr_node_init(&sc->amrr, &sc->amn); 1744 /* start at lowest available bit-rate, AMRR will raise */ 1745 ni->ni_txrate = 0; 1746 1747 for (i = 0; i < rs->rs_nrates; i++) { 1748 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 1749 /* convert 802.11 rate to hardware rate index */ 1750 for (ridx = 0; ridx <= RT2860_RIDX_MAX; ridx++) 1751 if (rt2860_rates[ridx].rate == rate) 1752 break; 1753 rn->ridx[i] = ridx; 1754 /* determine rate of control response frames */ 1755 for (j = i; j >= 0; j--) { 1756 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 1757 rt2860_rates[rn->ridx[i]].phy == 1758 rt2860_rates[rn->ridx[j]].phy) 1759 break; 1760 } 1761 if (j >= 0) { 1762 rn->ctl_ridx[i] = rn->ridx[j]; 1763 } else { 1764 /* no basic rate found, use mandatory one */ 1765 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 1766 } 1767 DPRINTF(("rate=0x%02x ridx=%d ctl_ridx=%d\n", 1768 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i])); 1769 } 1770 } 1771 1772 /* 1773 * Return the Rx chain with the highest RSSI for a given frame. 1774 */ 1775 static __inline uint8_t 1776 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 1777 { 1778 uint8_t rxchain = 0; 1779 1780 if (sc->nrxchains > 1) { 1781 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 1782 rxchain = 1; 1783 if (sc->nrxchains > 2) 1784 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 1785 rxchain = 2; 1786 } 1787 return rxchain; 1788 } 1789 1790 void 1791 run_rx_frame(struct run_softc *sc, uint8_t *buf, int dmalen) 1792 { 1793 struct ieee80211com *ic = &sc->sc_ic; 1794 struct ifnet *ifp = &ic->ic_if; 1795 struct ieee80211_frame *wh; 1796 struct ieee80211_rxinfo rxi; 1797 struct ieee80211_node *ni; 1798 struct rt2870_rxd *rxd; 1799 struct rt2860_rxwi *rxwi; 1800 struct mbuf *m; 1801 uint32_t flags; 1802 uint16_t len, phy; 1803 uint8_t ant, rssi; 1804 int s; 1805 1806 rxwi = (struct rt2860_rxwi *)buf; 1807 len = letoh16(rxwi->len) & 0xfff; 1808 if (__predict_false(len > dmalen)) { 1809 DPRINTF(("bad RXWI length %u > %u\n", len, dmalen)); 1810 return; 1811 } 1812 /* Rx descriptor is located at the end */ 1813 rxd = (struct rt2870_rxd *)(buf + dmalen); 1814 flags = letoh32(rxd->flags); 1815 1816 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 1817 ifp->if_ierrors++; 1818 return; 1819 } 1820 1821 if (__predict_false((flags & RT2860_RX_MICERR))) { 1822 /* report MIC failures to net80211 for TKIP */ 1823 ic->ic_stats.is_rx_locmicfail++; 1824 ieee80211_michael_mic_failure(ic, 0/* XXX */); 1825 ifp->if_ierrors++; 1826 return; 1827 } 1828 1829 wh = (struct ieee80211_frame *)(rxwi + 1); 1830 rxi.rxi_flags = 0; 1831 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1832 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 1833 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1834 } 1835 1836 if (flags & RT2860_RX_L2PAD) { 1837 u_int hdrlen = ieee80211_get_hdrlen(wh); 1838 ovbcopy(wh, (caddr_t)wh + 2, hdrlen); 1839 wh = (struct ieee80211_frame *)((caddr_t)wh + 2); 1840 } 1841 1842 /* could use m_devget but net80211 wants contig mgmt frames */ 1843 MGETHDR(m, M_DONTWAIT, MT_DATA); 1844 if (__predict_false(m == NULL)) { 1845 ifp->if_ierrors++; 1846 return; 1847 } 1848 if (len > MHLEN) { 1849 MCLGET(m, M_DONTWAIT); 1850 if (__predict_false(!(m->m_flags & M_EXT))) { 1851 ifp->if_ierrors++; 1852 m_freem(m); 1853 return; 1854 } 1855 } 1856 /* finalize mbuf */ 1857 m->m_pkthdr.rcvif = ifp; 1858 memcpy(mtod(m, caddr_t), wh, len); 1859 m->m_pkthdr.len = m->m_len = len; 1860 1861 ant = run_maxrssi_chain(sc, rxwi); 1862 rssi = rxwi->rssi[ant]; 1863 1864 #if NBPFILTER > 0 1865 if (__predict_false(sc->sc_drvbpf != NULL)) { 1866 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 1867 struct mbuf mb; 1868 1869 tap->wr_flags = 0; 1870 tap->wr_chan_freq = htole16(ic->ic_ibss_chan->ic_freq); 1871 tap->wr_chan_flags = htole16(ic->ic_ibss_chan->ic_flags); 1872 tap->wr_antsignal = rssi; 1873 tap->wr_antenna = ant; 1874 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 1875 tap->wr_rate = 2; /* in case it can't be found below */ 1876 phy = letoh16(rxwi->phy); 1877 switch (phy & RT2860_PHY_MODE) { 1878 case RT2860_PHY_CCK: 1879 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 1880 case 0: tap->wr_rate = 2; break; 1881 case 1: tap->wr_rate = 4; break; 1882 case 2: tap->wr_rate = 11; break; 1883 case 3: tap->wr_rate = 22; break; 1884 } 1885 if (phy & RT2860_PHY_SHPRE) 1886 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1887 break; 1888 case RT2860_PHY_OFDM: 1889 switch (phy & RT2860_PHY_MCS) { 1890 case 0: tap->wr_rate = 12; break; 1891 case 1: tap->wr_rate = 18; break; 1892 case 2: tap->wr_rate = 24; break; 1893 case 3: tap->wr_rate = 36; break; 1894 case 4: tap->wr_rate = 48; break; 1895 case 5: tap->wr_rate = 72; break; 1896 case 6: tap->wr_rate = 96; break; 1897 case 7: tap->wr_rate = 108; break; 1898 } 1899 break; 1900 } 1901 mb.m_data = (caddr_t)tap; 1902 mb.m_len = sc->sc_rxtap_len; 1903 mb.m_next = m; 1904 mb.m_nextpkt = NULL; 1905 mb.m_type = 0; 1906 mb.m_flags = 0; 1907 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1908 } 1909 #endif 1910 1911 s = splnet(); 1912 ni = ieee80211_find_rxnode(ic, wh); 1913 rxi.rxi_rssi = rssi; 1914 rxi.rxi_tstamp = 0; /* unused */ 1915 ieee80211_input(ifp, m, ni, &rxi); 1916 1917 /* node is no longer needed */ 1918 ieee80211_release_node(ic, ni); 1919 splx(s); 1920 } 1921 1922 void 1923 run_rxeof(usbd_xfer_handle xfer, usbd_private_handle priv, usbd_status status) 1924 { 1925 struct run_rx_data *data = priv; 1926 struct run_softc *sc = data->sc; 1927 uint8_t *buf; 1928 uint32_t dmalen; 1929 int xferlen; 1930 1931 if (__predict_false(status != USBD_NORMAL_COMPLETION)) { 1932 DPRINTF(("RX status=%d\n", status)); 1933 if (status == USBD_STALLED) 1934 usbd_clear_endpoint_stall_async(sc->rxq.pipeh); 1935 if (status != USBD_CANCELLED) 1936 goto skip; 1937 return; 1938 } 1939 usbd_get_xfer_status(xfer, NULL, NULL, &xferlen, NULL); 1940 1941 if (__predict_false(xferlen < sizeof (uint32_t) + 1942 sizeof (struct rt2860_rxwi) + sizeof (struct rt2870_rxd))) { 1943 DPRINTF(("xfer too short %d\n", xferlen)); 1944 goto skip; 1945 } 1946 1947 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 1948 buf = data->buf; 1949 while (xferlen > 8) { 1950 dmalen = letoh32(*(uint32_t *)buf) & 0xffff; 1951 1952 if (__predict_false(dmalen == 0 || (dmalen & 3) != 0)) { 1953 DPRINTF(("bad DMA length %u\n", dmalen)); 1954 break; 1955 } 1956 if (__predict_false(dmalen + 8 > xferlen)) { 1957 DPRINTF(("bad DMA length %u > %d\n", 1958 dmalen + 8, xferlen)); 1959 break; 1960 } 1961 run_rx_frame(sc, buf + sizeof (uint32_t), dmalen); 1962 buf += dmalen + 8; 1963 xferlen -= dmalen + 8; 1964 } 1965 1966 skip: /* setup a new transfer */ 1967 usbd_setup_xfer(xfer, sc->rxq.pipeh, data, data->buf, RUN_MAX_RXSZ, 1968 USBD_SHORT_XFER_OK | USBD_NO_COPY, USBD_NO_TIMEOUT, run_rxeof); 1969 (void)usbd_transfer(data->xfer); 1970 } 1971 1972 void 1973 run_txeof(usbd_xfer_handle xfer, usbd_private_handle priv, usbd_status status) 1974 { 1975 struct run_tx_data *data = priv; 1976 struct run_softc *sc = data->sc; 1977 struct run_tx_ring *txq = &sc->txq[data->qid]; 1978 struct ifnet *ifp = &sc->sc_ic.ic_if; 1979 int s; 1980 1981 if (__predict_false(status != USBD_NORMAL_COMPLETION)) { 1982 DPRINTF(("TX status=%d\n", status)); 1983 if (status == USBD_STALLED) 1984 usbd_clear_endpoint_stall_async(txq->pipeh); 1985 ifp->if_oerrors++; 1986 return; 1987 } 1988 1989 s = splnet(); 1990 sc->sc_tx_timer = 0; 1991 ifp->if_opackets++; 1992 if (--txq->queued < RUN_TX_RING_COUNT) { 1993 sc->qfullmsk &= ~(1 << data->qid); 1994 ifp->if_flags &= ~IFF_OACTIVE; 1995 run_start(ifp); 1996 } 1997 splx(s); 1998 } 1999 2000 int 2001 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2002 { 2003 struct ieee80211com *ic = &sc->sc_ic; 2004 struct run_node *rn = (void *)ni; 2005 struct ieee80211_frame *wh; 2006 struct run_tx_ring *ring; 2007 struct run_tx_data *data; 2008 struct rt2870_txd *txd; 2009 struct rt2860_txwi *txwi; 2010 u_int hdrlen; 2011 uint16_t qos, dur; 2012 uint8_t type, mcs, tid, qid; 2013 int error, hasqos, ridx, ctl_ridx, xferlen; 2014 2015 wh = mtod(m, struct ieee80211_frame *); 2016 hdrlen = ieee80211_get_hdrlen(wh); 2017 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2018 2019 if ((hasqos = ieee80211_has_qos(wh))) { 2020 qos = ieee80211_get_qos(wh); 2021 tid = qos & IEEE80211_QOS_TID; 2022 qid = ieee80211_up_to_ac(ic, tid); 2023 } else { 2024 tid = 0; 2025 qid = EDCA_AC_BE; 2026 } 2027 ring = &sc->txq[qid]; 2028 data = &ring->data[ring->cur]; 2029 2030 /* pickup a rate index */ 2031 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2032 type != IEEE80211_FC0_TYPE_DATA) { 2033 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2034 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 2035 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2036 } else if (ic->ic_fixed_rate != -1) { 2037 ridx = sc->fixed_ridx; 2038 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2039 } else { 2040 ridx = rn->ridx[ni->ni_txrate]; 2041 ctl_ridx = rn->ctl_ridx[ni->ni_txrate]; 2042 } 2043 2044 /* get MCS code from rate index */ 2045 mcs = rt2860_rates[ridx].mcs; 2046 2047 xferlen = sizeof (*txwi) + m->m_pkthdr.len; 2048 /* roundup to 32-bit alignment */ 2049 xferlen = (xferlen + 3) & ~3; 2050 2051 txd = (struct rt2870_txd *)data->buf; 2052 txd->flags = RT2860_TX_QSEL_EDCA; 2053 txd->len = htole16(xferlen); 2054 2055 /* setup TX Wireless Information */ 2056 txwi = (struct rt2860_txwi *)(txd + 1); 2057 txwi->flags = 0; 2058 txwi->xflags = 0; 2059 txwi->wcid = (type == IEEE80211_FC0_TYPE_DATA) ? 2060 RUN_AID2WCID(ni->ni_associd) : 0xff; 2061 txwi->len = htole16(m->m_pkthdr.len); 2062 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2063 txwi->phy = htole16(RT2860_PHY_CCK); 2064 if (ridx != RT2860_RIDX_CCK1 && 2065 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2066 mcs |= RT2860_PHY_SHPRE; 2067 } else 2068 txwi->phy = htole16(RT2860_PHY_OFDM); 2069 txwi->phy |= htole16(mcs); 2070 2071 txwi->txop = RT2860_TX_TXOP_BACKOFF; 2072 2073 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2074 (!hasqos || (qos & IEEE80211_QOS_ACK_POLICY_MASK) != 2075 IEEE80211_QOS_ACK_POLICY_NOACK)) { 2076 txwi->xflags |= RT2860_TX_ACK; 2077 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2078 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 2079 else 2080 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 2081 *(uint16_t *)wh->i_dur = htole16(dur + sc->sifs); 2082 } 2083 2084 #if NBPFILTER > 0 2085 if (__predict_false(sc->sc_drvbpf != NULL)) { 2086 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2087 struct mbuf mb; 2088 2089 tap->wt_flags = 0; 2090 tap->wt_rate = rt2860_rates[ridx].rate; 2091 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 2092 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 2093 tap->wt_hwqueue = qid; 2094 if (mcs & RT2860_PHY_SHPRE) 2095 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2096 2097 mb.m_data = (caddr_t)tap; 2098 mb.m_len = sc->sc_txtap_len; 2099 mb.m_next = m; 2100 mb.m_nextpkt = NULL; 2101 mb.m_type = 0; 2102 mb.m_flags = 0; 2103 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 2104 } 2105 #endif 2106 2107 m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)(txwi + 1)); 2108 m_freem(m); 2109 ieee80211_release_node(ic, ni); 2110 2111 xferlen += sizeof (*txd) + 4; 2112 2113 usbd_setup_xfer(data->xfer, ring->pipeh, data, data->buf, xferlen, 2114 USBD_FORCE_SHORT_XFER | USBD_NO_COPY, RUN_TX_TIMEOUT, run_txeof); 2115 error = usbd_transfer(data->xfer); 2116 if (__predict_false(error != USBD_IN_PROGRESS && error != 0)) 2117 return error; 2118 2119 ring->cur = (ring->cur + 1) % RUN_TX_RING_COUNT; 2120 if (++ring->queued >= RUN_TX_RING_COUNT) 2121 sc->qfullmsk |= 1 << qid; 2122 2123 return 0; 2124 } 2125 2126 void 2127 run_start(struct ifnet *ifp) 2128 { 2129 struct run_softc *sc = ifp->if_softc; 2130 struct ieee80211com *ic = &sc->sc_ic; 2131 struct ieee80211_node *ni; 2132 struct mbuf *m; 2133 2134 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 2135 return; 2136 2137 for (;;) { 2138 if (sc->qfullmsk != 0) { 2139 ifp->if_flags |= IFF_OACTIVE; 2140 break; 2141 } 2142 /* send pending management frames first */ 2143 IF_DEQUEUE(&ic->ic_mgtq, m); 2144 if (m != NULL) { 2145 ni = (void *)m->m_pkthdr.rcvif; 2146 goto sendit; 2147 } 2148 if (ic->ic_state != IEEE80211_S_RUN) 2149 break; 2150 2151 /* encapsulate and send data frames */ 2152 IFQ_DEQUEUE(&ifp->if_snd, m); 2153 if (m == NULL) 2154 break; 2155 #if NBPFILTER > 0 2156 if (ifp->if_bpf != NULL) 2157 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 2158 #endif 2159 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) 2160 continue; 2161 sendit: 2162 #if NBPFILTER > 0 2163 if (ic->ic_rawbpf != NULL) 2164 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 2165 #endif 2166 if (run_tx(sc, m, ni) != 0) { 2167 ieee80211_release_node(ic, ni); 2168 ifp->if_oerrors++; 2169 continue; 2170 } 2171 2172 sc->sc_tx_timer = 5; 2173 ifp->if_timer = 1; 2174 } 2175 } 2176 2177 void 2178 run_watchdog(struct ifnet *ifp) 2179 { 2180 struct run_softc *sc = ifp->if_softc; 2181 2182 ifp->if_timer = 0; 2183 2184 if (sc->sc_tx_timer > 0) { 2185 if (--sc->sc_tx_timer == 0) { 2186 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 2187 /* run_init(ifp); XXX needs a process context! */ 2188 ifp->if_oerrors++; 2189 return; 2190 } 2191 ifp->if_timer = 1; 2192 } 2193 2194 ieee80211_watchdog(ifp); 2195 } 2196 2197 int 2198 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 2199 { 2200 struct run_softc *sc = ifp->if_softc; 2201 struct ieee80211com *ic = &sc->sc_ic; 2202 struct ifaddr *ifa; 2203 struct ifreq *ifr; 2204 int s, error = 0; 2205 2206 s = splnet(); 2207 2208 switch (cmd) { 2209 case SIOCSIFADDR: 2210 ifa = (struct ifaddr *)data; 2211 ifp->if_flags |= IFF_UP; 2212 #ifdef INET 2213 if (ifa->ifa_addr->sa_family == AF_INET) 2214 arp_ifinit(&ic->ic_ac, ifa); 2215 #endif 2216 /* FALLTHROUGH */ 2217 case SIOCSIFFLAGS: 2218 if (ifp->if_flags & IFF_UP) { 2219 if (!(ifp->if_flags & IFF_RUNNING)) 2220 run_init(ifp); 2221 } else { 2222 if (ifp->if_flags & IFF_RUNNING) 2223 run_stop(ifp, 1); 2224 } 2225 break; 2226 2227 case SIOCADDMULTI: 2228 case SIOCDELMULTI: 2229 ifr = (struct ifreq *)data; 2230 error = (cmd == SIOCADDMULTI) ? 2231 ether_addmulti(ifr, &ic->ic_ac) : 2232 ether_delmulti(ifr, &ic->ic_ac); 2233 2234 if (error == ENETRESET) 2235 error = 0; 2236 break; 2237 2238 case SIOCS80211CHANNEL: 2239 /* 2240 * This allows for fast channel switching in monitor mode 2241 * (used by kismet). 2242 */ 2243 error = ieee80211_ioctl(ifp, cmd, data); 2244 if (error == ENETRESET && 2245 ic->ic_opmode == IEEE80211_M_MONITOR) { 2246 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2247 (IFF_UP | IFF_RUNNING)) 2248 run_set_chan(sc, ic->ic_ibss_chan); 2249 error = 0; 2250 } 2251 break; 2252 2253 default: 2254 error = ieee80211_ioctl(ifp, cmd, data); 2255 } 2256 2257 if (error == ENETRESET) { 2258 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 2259 (IFF_UP | IFF_RUNNING)) { 2260 run_stop(ifp, 0); 2261 run_init(ifp); 2262 } 2263 error = 0; 2264 } 2265 2266 splx(s); 2267 2268 return error; 2269 } 2270 2271 void 2272 run_select_chan_group(struct run_softc *sc, int group) 2273 { 2274 uint32_t tmp; 2275 2276 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 2277 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 2278 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 2279 run_bbp_write(sc, 86, 0x00); 2280 2281 if (group == 0) { 2282 if (sc->ext_2ghz_lna) { 2283 run_bbp_write(sc, 82, 0x62); 2284 run_bbp_write(sc, 75, 0x46); 2285 } else { 2286 run_bbp_write(sc, 82, 0x84); 2287 run_bbp_write(sc, 75, 0x50); 2288 } 2289 } else { 2290 if (sc->ext_5ghz_lna) { 2291 run_bbp_write(sc, 82, 0xf2); 2292 run_bbp_write(sc, 75, 0x46); 2293 } else { 2294 run_bbp_write(sc, 82, 0xf2); 2295 run_bbp_write(sc, 75, 0x50); 2296 } 2297 } 2298 2299 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 2300 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 2301 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 2302 run_write(sc, RT2860_TX_BAND_CFG, tmp); 2303 2304 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 2305 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN; 2306 if (group == 0) { /* 2GHz */ 2307 tmp |= RT2860_PA_PE_G0_EN | RT2860_LNA_PE_G0_EN; 2308 if (sc->ntxchains > 1) 2309 tmp |= RT2860_PA_PE_G1_EN; 2310 if (sc->nrxchains > 1) 2311 tmp |= RT2860_LNA_PE_G1_EN; 2312 } else { /* 5GHz */ 2313 tmp |= RT2860_PA_PE_A0_EN | RT2860_LNA_PE_A0_EN; 2314 if (sc->ntxchains > 1) 2315 tmp |= RT2860_PA_PE_A1_EN; 2316 if (sc->nrxchains > 1) 2317 tmp |= RT2860_LNA_PE_A1_EN; 2318 } 2319 run_write(sc, RT2860_TX_PIN_CFG, tmp); 2320 2321 /* set initial AGC value */ 2322 if (group == 0) 2323 run_bbp_write(sc, 66, 0x2e + sc->lna[0]); 2324 else 2325 run_bbp_write(sc, 66, 0x32 + (sc->lna[group] * 5) / 3); 2326 } 2327 2328 void 2329 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 2330 { 2331 const struct rfprog *rfprog = rt2860_rf2850; 2332 uint32_t r2, r3, r4; 2333 int8_t txpow1, txpow2; 2334 int i; 2335 2336 /* find the settings for this channel (we know it exists) */ 2337 for (i = 0; rfprog[i].chan != chan; i++); 2338 2339 r2 = rfprog[i].r2; 2340 if (sc->ntxchains == 1) 2341 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */ 2342 if (sc->nrxchains == 1) 2343 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 2344 else if (sc->nrxchains == 2) 2345 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */ 2346 2347 /* use Tx power values from EEPROM */ 2348 txpow1 = sc->txpow1[i]; 2349 txpow2 = sc->txpow2[i]; 2350 if (chan > 14) { 2351 if (txpow1 >= 0) 2352 txpow1 = txpow1 << 1; 2353 else 2354 txpow1 = (7 + txpow1) << 1 | 1; 2355 if (txpow2 >= 0) 2356 txpow2 = txpow2 << 1; 2357 else 2358 txpow2 = (7 + txpow2) << 1 | 1; 2359 } 2360 r3 = rfprog[i].r3 | txpow1 << 7; 2361 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4; 2362 2363 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 2364 run_rt2870_rf_write(sc, RT2860_RF2, r2); 2365 run_rt2870_rf_write(sc, RT2860_RF3, r3); 2366 run_rt2870_rf_write(sc, RT2860_RF4, r4); 2367 2368 DELAY(200); 2369 2370 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 2371 run_rt2870_rf_write(sc, RT2860_RF2, r2); 2372 run_rt2870_rf_write(sc, RT2860_RF3, r3 | 1); 2373 run_rt2870_rf_write(sc, RT2860_RF4, r4); 2374 2375 DELAY(200); 2376 2377 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 2378 run_rt2870_rf_write(sc, RT2860_RF2, r2); 2379 run_rt2870_rf_write(sc, RT2860_RF3, r3); 2380 run_rt2870_rf_write(sc, RT2860_RF4, r4); 2381 } 2382 2383 void 2384 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 2385 { 2386 int8_t txpow1, txpow2; 2387 uint8_t rf; 2388 2389 KASSERT(chan >= 1 && chan <= 14); /* RT3070 is 2GHz only */ 2390 2391 /* use Tx power values from EEPROM */ 2392 txpow1 = sc->txpow1[chan - 1]; 2393 txpow2 = sc->txpow2[chan - 1]; 2394 2395 run_rt3070_rf_write(sc, 2, run_rf3020_freqs[chan - 1].n); 2396 run_rt3070_rf_write(sc, 3, run_rf3020_freqs[chan - 1].k); 2397 run_rt3070_rf_read(sc, 6, &rf); 2398 rf = (rf & ~0x03) | run_rf3020_freqs[chan - 1].r; 2399 run_rt3070_rf_write(sc, 6, rf); 2400 2401 /* set Tx0 power */ 2402 run_rt3070_rf_read(sc, 12, &rf); 2403 rf = (rf & ~0x1f) | txpow1; 2404 run_rt3070_rf_write(sc, 12, rf); 2405 2406 /* set Tx1 power */ 2407 run_rt3070_rf_read(sc, 13, &rf); 2408 rf = (rf & ~0x1f) | txpow2; 2409 run_rt3070_rf_write(sc, 13, rf); 2410 2411 run_rt3070_rf_read(sc, 1, &rf); 2412 rf &= ~0xfc; 2413 if (sc->ntxchains == 1) 2414 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 2415 else if (sc->ntxchains == 2) 2416 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 2417 if (sc->nrxchains == 1) 2418 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 2419 else if (sc->nrxchains == 2) 2420 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 2421 run_rt3070_rf_write(sc, 1, rf); 2422 2423 /* set RF offset */ 2424 run_rt3070_rf_read(sc, 23, &rf); 2425 rf = (rf & ~0x7f) | sc->freq; 2426 run_rt3070_rf_write(sc, 23, rf); 2427 2428 /* program RF filter */ 2429 run_rt3070_rf_write(sc, 24, sc->rf24_20mhz); 2430 run_rt3070_rf_write(sc, 31, sc->rf24_20mhz); 2431 2432 /* enable RF tuning */ 2433 run_rt3070_rf_read(sc, 7, &rf); 2434 run_rt3070_rf_write(sc, 7, rf | 0x01); 2435 } 2436 2437 void 2438 run_set_rx_antenna(struct run_softc *sc, int aux) 2439 { 2440 uint32_t tmp; 2441 2442 if (aux) { 2443 run_read(sc, RT2860_PCI_EECTRL, &tmp); 2444 run_write(sc, RT2860_PCI_EECTRL, tmp & ~RT2860_C); 2445 run_read(sc, RT2860_GPIO_CTRL, &tmp); 2446 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 2447 } else { 2448 run_read(sc, RT2860_PCI_EECTRL, &tmp); 2449 run_write(sc, RT2860_PCI_EECTRL, tmp | RT2860_C); 2450 run_read(sc, RT2860_GPIO_CTRL, &tmp); 2451 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 2452 } 2453 } 2454 2455 int 2456 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 2457 { 2458 struct ieee80211com *ic = &sc->sc_ic; 2459 u_int chan, group; 2460 2461 chan = ieee80211_chan2ieee(ic, c); 2462 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 2463 return EINVAL; 2464 2465 if ((sc->mac_rev >> 16) >= 0x3070) 2466 run_rt3070_set_chan(sc, chan); 2467 else 2468 run_rt2870_set_chan(sc, chan); 2469 2470 /* 802.11a uses a 16 microseconds short interframe space */ 2471 sc->sifs = IEEE80211_IS_CHAN_5GHZ(c) ? 16 : 10; 2472 2473 /* determine channel group */ 2474 if (chan <= 14) 2475 group = 0; 2476 else if (chan <= 64) 2477 group = 1; 2478 else if (chan <= 128) 2479 group = 2; 2480 else 2481 group = 3; 2482 2483 /* XXX necessary only when group has changed! */ 2484 run_select_chan_group(sc, group); 2485 2486 DELAY(1000); 2487 return 0; 2488 } 2489 2490 void 2491 run_enable_tsf_sync(struct run_softc *sc) 2492 { 2493 struct ieee80211com *ic = &sc->sc_ic; 2494 uint32_t tmp; 2495 2496 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2497 tmp &= ~0x1fffff; 2498 tmp |= ic->ic_bss->ni_intval * 16; 2499 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 2500 /* local TSF is always updated with remote TSF on beacon reception */ 2501 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 2502 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 2503 } 2504 2505 void 2506 run_enable_mrr(struct run_softc *sc) 2507 { 2508 #define CCK(mcs) (mcs) 2509 #define OFDM(mcs) (1 << 3 | (mcs)) 2510 run_write(sc, RT2860_LG_FBK_CFG0, 2511 OFDM(6) << 28 | /* 54->48 */ 2512 OFDM(5) << 24 | /* 48->36 */ 2513 OFDM(4) << 20 | /* 36->24 */ 2514 OFDM(3) << 16 | /* 24->18 */ 2515 OFDM(2) << 12 | /* 18->12 */ 2516 OFDM(1) << 8 | /* 12-> 9 */ 2517 OFDM(0) << 4 | /* 9-> 6 */ 2518 OFDM(0)); /* 6-> 6 */ 2519 2520 run_write(sc, RT2860_LG_FBK_CFG1, 2521 CCK(2) << 12 | /* 11->5.5 */ 2522 CCK(1) << 8 | /* 5.5-> 2 */ 2523 CCK(0) << 4 | /* 2-> 1 */ 2524 CCK(0)); /* 1-> 1 */ 2525 #undef OFDM 2526 #undef CCK 2527 } 2528 2529 void 2530 run_set_txpreamble(struct run_softc *sc) 2531 { 2532 uint32_t tmp; 2533 2534 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 2535 if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE) 2536 tmp |= RT2860_CCK_SHORT_EN; 2537 else 2538 tmp &= ~RT2860_CCK_SHORT_EN; 2539 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 2540 } 2541 2542 void 2543 run_set_basicrates(struct run_softc *sc) 2544 { 2545 struct ieee80211com *ic = &sc->sc_ic; 2546 2547 /* set basic rates mask */ 2548 if (ic->ic_curmode == IEEE80211_MODE_11B) 2549 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 2550 else if (ic->ic_curmode == IEEE80211_MODE_11A) 2551 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 2552 else /* 11g */ 2553 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 2554 } 2555 2556 void 2557 run_set_leds(struct run_softc *sc, uint16_t which) 2558 { 2559 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 2560 which | (sc->leds & 0x7f)); 2561 } 2562 2563 void 2564 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 2565 { 2566 run_write(sc, RT2860_MAC_BSSID_DW0, 2567 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 2568 run_write(sc, RT2860_MAC_BSSID_DW1, 2569 bssid[4] | bssid[5] << 8); 2570 } 2571 2572 void 2573 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 2574 { 2575 run_write(sc, RT2860_MAC_ADDR_DW0, 2576 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 2577 run_write(sc, RT2860_MAC_ADDR_DW1, 2578 addr[4] | addr[5] << 8 | 0xff << 16); 2579 } 2580 2581 void 2582 run_updateslot(struct ieee80211com *ic) 2583 { 2584 /* do it in a process context */ 2585 run_do_async(ic->ic_softc, run_updateslot_cb, NULL, 0); 2586 } 2587 2588 /* ARGSUSED */ 2589 void 2590 run_updateslot_cb(struct run_softc *sc, void *arg) 2591 { 2592 uint32_t tmp; 2593 2594 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 2595 tmp &= ~0xff; 2596 tmp |= (sc->sc_ic.ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 2597 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 2598 } 2599 2600 #if NBPFILTER > 0 2601 int8_t 2602 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 2603 { 2604 struct ieee80211com *ic = &sc->sc_ic; 2605 struct ieee80211_channel *c = ic->ic_ibss_chan; 2606 int delta; 2607 2608 if (IEEE80211_IS_CHAN_5GHZ(c)) { 2609 u_int chan = ieee80211_chan2ieee(ic, c); 2610 delta = sc->rssi_5ghz[rxchain]; 2611 2612 /* determine channel group */ 2613 if (chan <= 64) 2614 delta -= sc->lna[1]; 2615 else if (chan <= 128) 2616 delta -= sc->lna[2]; 2617 else 2618 delta -= sc->lna[3]; 2619 } else 2620 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 2621 2622 return -12 - delta - rssi; 2623 } 2624 #endif 2625 2626 int 2627 run_bbp_init(struct run_softc *sc) 2628 { 2629 int i, error, ntries; 2630 uint8_t bbp0; 2631 2632 /* wait for BBP to wake up */ 2633 for (ntries = 0; ntries < 20; ntries++) { 2634 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 2635 return error; 2636 if (bbp0 != 0 && bbp0 != 0xff) 2637 break; 2638 } 2639 if (ntries == 20) 2640 return ETIMEDOUT; 2641 2642 /* initialize BBP registers to default values */ 2643 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 2644 run_bbp_write(sc, rt2860_def_bbp[i].reg, 2645 rt2860_def_bbp[i].val); 2646 } 2647 2648 /* fix BBP84 for RT2860E */ 2649 if ((sc->mac_rev >> 16) == 0x2860 && (sc->mac_rev & 0xffff) != 0x0101) 2650 run_bbp_write(sc, 84, 0x19); 2651 2652 if ((sc->mac_rev >> 16) >= 0x3070) { 2653 run_bbp_write(sc, 79, 0x13); 2654 run_bbp_write(sc, 80, 0x05); 2655 run_bbp_write(sc, 81, 0x33); 2656 /* XXX RT3090 needs more */ 2657 } else if (sc->mac_rev == 0x28600100) { 2658 run_bbp_write(sc, 69, 0x16); 2659 run_bbp_write(sc, 73, 0x12); 2660 } 2661 return 0; 2662 } 2663 2664 int 2665 run_rt3070_rf_init(struct run_softc *sc) 2666 { 2667 uint32_t tmp; 2668 uint8_t rf, bbp4; 2669 int i; 2670 2671 run_rt3070_rf_read(sc, 30, &rf); 2672 /* toggle RF R30 bit 7 */ 2673 run_rt3070_rf_write(sc, 30, rf | 0x80); 2674 DELAY(1000); 2675 run_rt3070_rf_write(sc, 30, rf & ~0x80); 2676 2677 /* initialize RF registers to default value */ 2678 for (i = 0; i < nitems(rt3070_def_rf); i++) { 2679 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 2680 rt3070_def_rf[i].val); 2681 } 2682 if ((sc->mac_rev >> 16) == 0x3070) { 2683 /* change voltage from 1.2V to 1.35V for RT3070 */ 2684 run_read(sc, RT3070_LDO_CFG0, &tmp); 2685 tmp = (tmp & ~0x0f000000) | 0x0d000000; 2686 run_write(sc, RT3070_LDO_CFG0, tmp); 2687 2688 } else if ((sc->mac_rev >> 16) == 0x3071) { 2689 run_rt3070_rf_read(sc, 6, &rf); 2690 run_rt3070_rf_write(sc, 6, rf | 0x40); 2691 run_rt3070_rf_write(sc, 31, 0x14); 2692 2693 run_read(sc, RT3070_LDO_CFG0, &tmp); 2694 tmp &= ~0x1f000000; 2695 if ((sc->mac_rev & 0xffff) < 0x0211) 2696 tmp |= 0x0d000000; 2697 else 2698 tmp |= 0x01000000; 2699 run_write(sc, RT3070_LDO_CFG0, tmp); 2700 2701 /* patch LNA_PE_G1 */ 2702 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 2703 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 2704 } 2705 2706 /* select 20MHz bandwidth */ 2707 run_rt3070_rf_read(sc, 31, &rf); 2708 run_rt3070_rf_write(sc, 31, rf & ~0x20); 2709 2710 /* calibrate filter for 20MHz bandwidth */ 2711 sc->rf24_20mhz = 0x1f; /* default value */ 2712 run_rt3070_filter_calib(sc, 0x07, 0x16, &sc->rf24_20mhz); 2713 2714 /* select 40MHz bandwidth */ 2715 run_bbp_read(sc, 4, &bbp4); 2716 run_bbp_write(sc, 4, (bbp4 & ~0x08) | 0x10); 2717 2718 /* calibrate filter for 40MHz bandwidth */ 2719 sc->rf24_40mhz = 0x2f; /* default value */ 2720 run_rt3070_filter_calib(sc, 0x27, 0x19, &sc->rf24_40mhz); 2721 2722 /* go back to 20MHz bandwidth */ 2723 run_bbp_read(sc, 4, &bbp4); 2724 run_bbp_write(sc, 4, bbp4 & ~0x18); 2725 2726 if ((sc->mac_rev & 0xffff) < 0x0211) 2727 run_rt3070_rf_write(sc, 27, 0x03); 2728 2729 run_read(sc, RT3070_OPT_14, &tmp); 2730 run_write(sc, RT3070_OPT_14, tmp | 1); 2731 2732 if ((sc->mac_rev >> 16) == 0x3071) { 2733 run_rt3070_rf_read(sc, 1, &rf); 2734 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 2735 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 2736 run_rt3070_rf_write(sc, 1, rf); 2737 2738 run_rt3070_rf_read(sc, 15, &rf); 2739 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 2740 2741 run_rt3070_rf_read(sc, 17, &rf); 2742 rf &= ~RT3070_TX_LO1; 2743 if ((sc->mac_rev & 0xffff) >= 0x0211 && !sc->ext_2ghz_lna) 2744 rf |= 0x20; /* fix for long range Rx issue */ 2745 run_rt3070_rf_write(sc, 17, rf); 2746 2747 run_rt3070_rf_read(sc, 20, &rf); 2748 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 2749 2750 run_rt3070_rf_read(sc, 21, &rf); 2751 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 2752 2753 run_rt3070_rf_read(sc, 27, &rf); 2754 rf &= ~0x77; 2755 if ((sc->mac_rev & 0xffff) < 0x0211) 2756 rf |= 0x03; 2757 run_rt3070_rf_write(sc, 27, rf); 2758 } 2759 return 0; 2760 } 2761 2762 int 2763 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 2764 uint8_t *val) 2765 { 2766 uint8_t rf22, rf24; 2767 uint8_t bbp55_pb, bbp55_sb, delta; 2768 int ntries; 2769 2770 /* program filter */ 2771 rf24 = init; /* initial filter value */ 2772 run_rt3070_rf_write(sc, 24, rf24); 2773 2774 /* enable baseband loopback mode */ 2775 run_rt3070_rf_read(sc, 22, &rf22); 2776 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 2777 2778 /* set power and frequency of passband test tone */ 2779 run_bbp_write(sc, 24, 0x00); 2780 for (ntries = 0; ntries < 100; ntries++) { 2781 /* transmit test tone */ 2782 run_bbp_write(sc, 25, 0x90); 2783 DELAY(1000); 2784 /* read received power */ 2785 run_bbp_read(sc, 55, &bbp55_pb); 2786 if (bbp55_pb != 0) 2787 break; 2788 } 2789 if (ntries == 100) 2790 return ETIMEDOUT; 2791 2792 /* set power and frequency of stopband test tone */ 2793 run_bbp_write(sc, 24, 0x06); 2794 for (ntries = 0; ntries < 100; ntries++) { 2795 /* transmit test tone */ 2796 run_bbp_write(sc, 25, 0x90); 2797 DELAY(1000); 2798 /* read received power */ 2799 run_bbp_read(sc, 55, &bbp55_sb); 2800 2801 delta = bbp55_pb - bbp55_sb; 2802 if (delta > target) 2803 break; 2804 2805 /* reprogram filter */ 2806 rf24++; 2807 run_rt3070_rf_write(sc, 24, rf24); 2808 } 2809 if (ntries < 100) { 2810 if (rf24 != init) 2811 rf24--; /* backtrack */ 2812 *val = rf24; 2813 run_rt3070_rf_write(sc, 24, rf24); 2814 } 2815 2816 /* restore initial state */ 2817 run_bbp_write(sc, 24, 0x00); 2818 2819 /* disable baseband loopback mode */ 2820 run_rt3070_rf_read(sc, 22, &rf22); 2821 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 2822 2823 return 0; 2824 } 2825 2826 int 2827 run_txrx_enable(struct run_softc *sc) 2828 { 2829 uint32_t tmp; 2830 int error, ntries; 2831 2832 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 2833 for (ntries = 0; ntries < 200; ntries++) { 2834 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 2835 return error; 2836 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 2837 break; 2838 DELAY(1000); 2839 } 2840 if (ntries == 200) 2841 return ETIMEDOUT; 2842 2843 DELAY(50); 2844 2845 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 2846 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 2847 2848 /* enable Rx bulk aggregation (set timeout and limit) */ 2849 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 2850 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 2851 run_write(sc, RT2860_USB_DMA_CFG, tmp); 2852 2853 /* set Rx filter */ 2854 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 2855 if (sc->sc_ic.ic_opmode != IEEE80211_M_MONITOR) { 2856 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 2857 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 2858 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 2859 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 2860 if (sc->sc_ic.ic_opmode == IEEE80211_M_STA) 2861 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 2862 } 2863 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 2864 2865 run_write(sc, RT2860_MAC_SYS_CTRL, 2866 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 2867 2868 return 0; 2869 } 2870 2871 int 2872 run_init(struct ifnet *ifp) 2873 { 2874 struct run_softc *sc = ifp->if_softc; 2875 struct ieee80211com *ic = &sc->sc_ic; 2876 uint32_t tmp; 2877 uint8_t bbp1, bbp3; 2878 int i, error, qid, ridx, ntries; 2879 2880 for (ntries = 0; ntries < 100; ntries++) { 2881 if ((error = run_read(sc, RT2860_ASIC_VER_ID, &tmp)) != 0) 2882 goto fail; 2883 if (tmp != 0 && tmp != 0xffffffff) 2884 break; 2885 DELAY(10); 2886 } 2887 if (ntries == 100) { 2888 error = ETIMEDOUT; 2889 goto fail; 2890 } 2891 2892 if ((error = run_load_microcode(sc)) != 0) { 2893 printf("%s: could not load 8051 microcode\n", 2894 sc->sc_dev.dv_xname); 2895 goto fail; 2896 } 2897 2898 /* init host command ring */ 2899 sc->cmdq.cur = sc->cmdq.next = sc->cmdq.queued = 0; 2900 2901 /* init Tx rings (4 EDCAs) */ 2902 for (qid = 0; qid < 4; qid++) { 2903 if ((error = run_alloc_tx_ring(sc, qid)) != 0) 2904 goto fail; 2905 } 2906 /* init Rx ring */ 2907 if ((error = run_alloc_rx_ring(sc)) != 0) 2908 goto fail; 2909 2910 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 2911 run_set_macaddr(sc, ic->ic_myaddr); 2912 2913 for (ntries = 0; ntries < 100; ntries++) { 2914 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 2915 goto fail; 2916 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 2917 break; 2918 DELAY(1000); 2919 } 2920 if (ntries == 100) { 2921 printf("%s: timeout waiting for DMA engine\n", 2922 sc->sc_dev.dv_xname); 2923 error = ETIMEDOUT; 2924 goto fail; 2925 } 2926 tmp &= 0xff0; 2927 tmp |= RT2860_TX_WB_DDONE; 2928 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 2929 2930 /* turn off PME_OEN to solve high-current issue */ 2931 run_read(sc, RT2860_SYS_CTRL, &tmp); 2932 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 2933 2934 run_write(sc, RT2860_MAC_SYS_CTRL, 2935 RT2860_BBP_HRST | RT2860_MAC_SRST); 2936 run_write(sc, RT2860_USB_DMA_CFG, 0); 2937 2938 if ((error = run_reset(sc)) != 0) { 2939 printf("%s: could not reset chipset\n", sc->sc_dev.dv_xname); 2940 goto fail; 2941 } 2942 2943 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 2944 2945 /* init Tx power for all Tx rates (from EEPROM) */ 2946 for (ridx = 0; ridx < 5; ridx++) { 2947 if (sc->txpow20mhz[ridx] == 0xffffffff) 2948 continue; 2949 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 2950 } 2951 2952 for (i = 0; i < nitems(rt2870_def_mac); i++) 2953 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 2954 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 2955 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 2956 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 2957 2958 if ((sc->mac_rev >> 16) >= 0x3070) { 2959 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 2960 run_write(sc, RT2860_TX_SW_CFG0, 2961 4 << RT2860_DLY_PAPE_EN_SHIFT); 2962 run_write(sc, RT2860_TX_SW_CFG1, 0); 2963 run_write(sc, RT2860_TX_SW_CFG2, 0x1f); 2964 } 2965 2966 /* wait while MAC is busy */ 2967 for (ntries = 0; ntries < 100; ntries++) { 2968 if ((error = run_read(sc, RT2860_MAC_STATUS_REG, &tmp)) != 0) 2969 goto fail; 2970 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 2971 break; 2972 DELAY(1000); 2973 } 2974 if (ntries == 100) { 2975 error = ETIMEDOUT; 2976 goto fail; 2977 } 2978 2979 /* clear Host to MCU mailbox */ 2980 run_write(sc, RT2860_H2M_BBPAGENT, 0); 2981 run_write(sc, RT2860_H2M_MAILBOX, 0); 2982 DELAY(1000); 2983 2984 if ((error = run_bbp_init(sc)) != 0) { 2985 printf("%s: could not initialize BBP\n", sc->sc_dev.dv_xname); 2986 goto fail; 2987 } 2988 2989 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2990 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2991 RT2860_TBTT_TIMER_EN); 2992 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 2993 2994 /* clear RX WCID search table */ 2995 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 2996 /* clear WCID attribute table */ 2997 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 2998 /* clear shared key table */ 2999 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 3000 /* clear shared key mode */ 3001 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 3002 3003 run_read(sc, RT2860_US_CYC_CNT, &tmp); 3004 tmp = (tmp & ~0xff) | 0x1e; 3005 run_write(sc, RT2860_US_CYC_CNT, tmp); 3006 3007 if ((sc->mac_rev >> 16) == 0x2860 && (sc->mac_rev & 0xffff) != 0x0101) 3008 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 3009 3010 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 3011 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 3012 3013 /* write vendor-specific BBP values (from EEPROM) */ 3014 for (i = 0; i < 8; i++) { 3015 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 3016 continue; 3017 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 3018 } 3019 3020 /* select Main antenna for 1T1R devices */ 3021 if (sc->rf_rev == RT3070_RF_3020) 3022 run_set_rx_antenna(sc, 0); 3023 3024 /* send LEDs operating mode to microcontroller */ 3025 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 3026 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 3027 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 3028 3029 /* disable non-existing Rx chains */ 3030 run_bbp_read(sc, 3, &bbp3); 3031 bbp3 &= ~(1 << 3 | 1 << 4); 3032 if (sc->nrxchains == 2) 3033 bbp3 |= 1 << 3; 3034 else if (sc->nrxchains == 3) 3035 bbp3 |= 1 << 4; 3036 run_bbp_write(sc, 3, bbp3); 3037 3038 /* disable non-existing Tx chains */ 3039 run_bbp_read(sc, 1, &bbp1); 3040 if (sc->ntxchains == 1) 3041 bbp1 &= ~(1 << 3 | 1 << 4); 3042 run_bbp_write(sc, 1, bbp1); 3043 3044 if ((sc->mac_rev >> 16) >= 0x3070) 3045 run_rt3070_rf_init(sc); 3046 3047 /* select default channel */ 3048 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 3049 run_set_chan(sc, ic->ic_ibss_chan); 3050 3051 /* turn radio LED on */ 3052 run_set_leds(sc, RT2860_LED_RADIO); 3053 3054 for (i = 0; i < RUN_RX_RING_COUNT; i++) { 3055 struct run_rx_data *data = &sc->rxq.data[i]; 3056 3057 usbd_setup_xfer(data->xfer, sc->rxq.pipeh, data, data->buf, 3058 RUN_MAX_RXSZ, USBD_SHORT_XFER_OK | USBD_NO_COPY, 3059 USBD_NO_TIMEOUT, run_rxeof); 3060 error = usbd_transfer(data->xfer); 3061 if (error != 0 && error != USBD_IN_PROGRESS) 3062 goto fail; 3063 } 3064 3065 if ((error = run_txrx_enable(sc)) != 0) 3066 goto fail; 3067 3068 ifp->if_flags &= ~IFF_OACTIVE; 3069 ifp->if_flags |= IFF_RUNNING; 3070 3071 if (ic->ic_flags & IEEE80211_F_WEPON) { 3072 /* install WEP keys */ 3073 for (i = 0; i < IEEE80211_WEP_NKID; i++) 3074 (void)run_set_key(ic, NULL, &ic->ic_nw_keys[i]); 3075 } 3076 3077 if (ic->ic_opmode == IEEE80211_M_MONITOR) 3078 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 3079 else 3080 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 3081 3082 if (error != 0) 3083 fail: run_stop(ifp, 1); 3084 return error; 3085 } 3086 3087 void 3088 run_stop(struct ifnet *ifp, int disable) 3089 { 3090 struct run_softc *sc = ifp->if_softc; 3091 struct ieee80211com *ic = &sc->sc_ic; 3092 uint32_t tmp; 3093 int s, ntries, qid; 3094 3095 if (ifp->if_flags & IFF_RUNNING) 3096 run_set_leds(sc, 0); /* turn all LEDs off */ 3097 3098 sc->sc_tx_timer = 0; 3099 ifp->if_timer = 0; 3100 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 3101 3102 timeout_del(&sc->scan_to); 3103 timeout_del(&sc->calib_to); 3104 3105 s = splusb(); 3106 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 3107 /* wait for all queued asynchronous commands to complete */ 3108 while (sc->cmdq.queued > 0) 3109 tsleep(&sc->cmdq, 0, "cmdq", 0); 3110 splx(s); 3111 3112 /* disable Tx/Rx */ 3113 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 3114 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 3115 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 3116 3117 /* wait for pending Tx to complete */ 3118 for (ntries = 0; ntries < 100; ntries++) { 3119 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) 3120 break; 3121 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) 3122 break; 3123 } 3124 DELAY(1000); 3125 run_write(sc, RT2860_USB_DMA_CFG, 0); 3126 3127 /* reset adapter */ 3128 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 3129 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 3130 3131 /* reset Tx and Rx rings */ 3132 sc->qfullmsk = 0; 3133 for (qid = 0; qid < 4; qid++) 3134 run_free_tx_ring(sc, qid); 3135 run_free_rx_ring(sc); 3136 } 3137